A critical authentication bypass vulnerability exists in UliCMS, identified as CVE-2023-53914. This flaw allows an unauthenticated attacker to remotely create a new user with full administrative privileges by sending a specially crafted request. Successful exploitation results in a complete compromise of the affected UliCMS application, granting the attacker total control over the system.

The vulnerability is a mass assignment flaw within the UserController component of UliCMS. An unauthenticated attacker can exploit this by sending a crafted POST request to the /admin/index.php endpoint. The request includes parameters that the application improperly processes, allowing the attacker to set arbitrary user attributes, including administrative privileges, during the user creation process without requiring any prior authentication. This effectively bypasses all security checks and grants the newly created user full administrative access to the UliCMS instance.

Business Impact This vulnerability carries a critical severity rating with a CVSS score of 9.8. Exploitation leads to a complete compromise of the UliCMS application's confidentiality, integrity, and availability. An attacker with administrative access can steal sensitive data, modify or delete content, deface the website, install malware, and potentially use the compromised server as a pivot point to attack other systems within the network. This can result in significant financial loss, reputational damage, and regulatory penalties depending on the data hosted on the application.

Immediate Action: Immediately update all instances of UliCMS to the latest patched version as recommended by the vendor. Consult the official UliCMS security advisory for specific patch information and installation instructions. After patching, review system logs for any signs of exploitation and audit the user list for any unauthorized administrative accounts.

Proactive Monitoring: Monitor web server access logs for unusual POST requests to the /admin/index.php endpoint, particularly from untrusted or unexpected IP addresses. Scrutinize requests containing parameters related to user creation, such as username, password, email, and is_admin. Implement alerts for the creation of new administrative accounts within the application's audit logs.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) rule to block POST requests to /admin/index.php that contain user creation parameters from unauthenticated sources. Additionally, restrict access to the /admin/ directory at the network or web server level to only trusted IP addresses.

Public Exploit Available: true

Given the critical CVSS score of 9.8 and the existence of public exploit code, this vulnerability poses an immediate and severe threat to the organization. We strongly recommend that all affected UliCMS instances be patched immediately without delay. A thorough compromise assessment should be conducted to search for unauthorized administrative accounts or other indicators of a breach. This vulnerability should be treated with the highest priority, regardless of its current CISA KEV status.