RCE vulnerability in Dynamicweb enterprise software could allow server compromise

A vulnerability in Dynamicweb could allow an unauthenticated attacker to compromise a victim’s server, researchers have warned.

Dynamicweb is a popular enterprise suite that provides services such as content management, digital marketing, and e-commerce solutions.

The vulnerability, discovered by researchers from AssetNote, could allow a malicious actor to gain privileges and execute code, compromising the application and server.

It was detailed in a blog post from AssetNote, which was published recently.

“An unauthenticated attacker can add a new administrator user that has full administrative access to the ecommerce installation of Dynamicweb,” Shubham Shah, who found the bug, told The Daily Swig.

“Once the attacker has this administrator access, it is possible to upload a web shell and achieve command execution. This would lead to a full compromise of the application and server.”

‘Extremely easy’

The vulnerability “was difficult to find, however is extremely easy to exploit”, said Shah.

It was first introduced into the codebase back in 2018 and was left unpatched until AssetNote disclosed the bug in February 2022.

Users on the 9.x branch of Dynamicweb have “most likely been vulnerable since 2018”, said Shah, who added that he doesn’t know the scope of unpatched users.

AssetNote reported the bug to Dynamicweb, which has since released a number of hotfixes for issue. Users are urged to update to a hotfixed version as soon as possible.

Source: https://portswigger.net/daily-swig/rce-vulnerability-in-dynamicweb-enterprise-software-could-allow-server-compromise