virus logo Intrusion Prevention

ProcessMaker.Plugin.Upload.Module.Arbitrary.PHP.Code.Injection

description-logoDescription

This indicates an attempt to upload a malicious plugin in ProcessMaker.
ProcessMaker is a workflow software solution, but it can be abused to install malware, for example, a backdoor. Valid credentials with admin privileges is required for a successful exploitation.

affected-products-logoAffected Products

ProcessMaker version 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1
ProcessMaker version 3.2.0 on Debian Linux 8

Impact logoImpact

System Compromise: Authenticated remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Restrict and audit the access to ProcessMaker.

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://wiki.processmaker.com/3.0/Plugin_Development
ID 45757
Created Apr 12, 2018
Updated May 02, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS All
Affected App PHP_app
Profile Type Code Injection