Content Management System (CMS) is a software application that can be used to manage the creation and modification of digital content. CMSs are typically used for enterprise content management (ECM) and web content management (WCM). ECM typically supports multiple users in a collaborative environment by integrating document management, digital asset management and record retention.
Popular uses: Most CMS focus on creating, indexing and the modification of content. Additional features include search and retrieval, format management, publishing and admin features
WordPress is a leader in CMS and site building, with 36% of the web built on their platform, is one of the strongest players out there. Based on a free and open-source content management system written in PHP.
Drupal is a free and open-source web content management framework written in PHP, Drupal provides a back-end framework for at least 2.3% of all websites worldwide – ranging from personal blogs to corporate, political, and government sites.
Joomla is a free and open-source content management system for publishing web content, developed by Open Source Matters, Inc. It is built on a model–view–controller web application framework that can be used independently of the CMS.
Content management systems are becoming increasingly popular with over 50% of active domains online built/supported by one of these platforms, CMS-based websites are popular by hackers, using their potential weak spots for data hijacking and misuse of large corporations and individuals.
Previously, we had identified various vulnerabilities in CMS products such as an Unauthorized Password Reset exploit on WordPress or an Ametys CMS Unauthenticated Password Reset exploit and many others, with a potential risk for both admins and site users.
Think you figured out how to run unauthenticated commands on an CMS system? Found a WordPress vulnerability and don’t know what to do next? Let us be your guides!