CVE-2021-46384: 
Java vulnerability analysis and mitigation

CVE-2021-46384 affects MCMS versions 5.2.5 and earlier, containing a pre-authentication Remote Code Execution (RCE) vulnerability. The vulnerability allows unauthenticated attackers with network access via HTTP to compromise MCMS through template injection using the expression ${"freemarker.template.utility.Execute"?new()("calc")}. This vulnerability was discovered in January 2022 (Gitee Issue).

The vulnerability exists in the EditorAction#editor functionality where attackers can manipulate UEditor configurations through JSON parameters and upload files. By modifying the image upload path to /template/1/default/{time} and adding .htm to allowed extensions, attackers can upload malicious template files. The vulnerability can be triggered through the MCmsAction#search method by passing a tmpl parameter to render the malicious template, leading to remote code execution (Gitee Issue). The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

Successful exploitation of this vulnerability can result in complete takeover of the MCMS system. An attacker can execute arbitrary code on the target system with the privileges of the application, potentially leading to full system compromise (NVD).

Users should upgrade to MCMS versions newer than 5.2.5. The vulnerability was addressed in version 5.2.6 (Gitee Issue).