Magix CMS 4 Exposed Installer Allows Unauthenticated Admin Takeover
A critical security flaw in Magix CMS 4 leaves the software's installation workflow fully accessible after deployment, enabling any unauthenticated attacker to completely hijack the website. The vulnerability stems from the installer entry point failing to properly block access once the CMS is configured, allowing remote attackers to directly access `install/index.php` and trigger a reinstallation.
Specifically, an attacker can exploit this by first invoking the database configuration step to overwrite the critical `app/init/config.php` file with their own database settings. With control of the database connection, they can then proceed to the final setup step, which creates a new administrator account within that database. This sequence grants the attacker full administrative privileges over the CMS, effectively taking over the site. The flaw is particularly dangerous as it can be chained with other authenticated backend vulnerabilities for deeper system compromise.
Leaving the installation workflow exposed after deployment is a severe architectural oversight that puts every site running the affected version at immediate risk of complete compromise. The vulnerability bypasses all standard authentication mechanisms and requires no prior access or user interaction. Site administrators need to verify that their installations are secured and that the installer directory is completely removed or blocked, closing this straightforward path to administrative control.
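A local check for the condition described above, as an added example that is not part of the original advisory or of Magix CMS itself: it inspects a web root for `install/index.php` alongside an existing `app/init/config.php`. The function names, exit codes and output labels are assumptions made for this example, and the writability test assumes the script runs as the web server account.

```shell
#!/bin/sh
# Added example: audit Magix CMS 4 web roots for a leftover installer.
# The paths install/index.php and app/init/config.php come from the advisory.
# audit_magix_root exit status (chosen for this example):
#   0 = installer entry point absent
#   1 = installer present, no config.php yet (setup unfinished)
#   2 = installer present on an already configured site

audit_magix_root() {
    root=$1
    installer="$root/install/index.php"
    config="$root/app/init/config.php"

    if [ ! -e "$installer" ]; then
        echo "OK       $root: install/index.php not present"
        # A leftover directory may still hold other installer scripts.
        if [ -d "$root/install" ]; then
            echo "NOTE     $root: install/ directory still exists"
        fi
        return 0
    fi
    if [ ! -e "$config" ]; then
        echo "WARN     $root: installer present, app/init/config.php missing"
        return 1
    fi
    echo "CRITICAL $root: install/index.php present on a configured site;" \
         "remove install/ or confirm the web server denies it"
    # Assumption: run as the web server account so -w reflects what PHP can do.
    if [ -w "$config" ]; then
        echo "CRITICAL $root: app/init/config.php is writable by $(id -un)"
    fi
    return 2
}

# Audit several web roots and return the worst status seen.
audit_all() {
    worst=0
    for r in "$@"; do
        st=0
        audit_magix_root "$r" || st=$?
        if [ "$st" -gt "$worst" ]; then worst=$st; fi
    done
    return "$worst"
}

# Usage: sh audit.sh /var/www/site1 /var/www/site2
if [ "$#" -gt 0 ]; then
    audit_all "$@"
fi
```

A status of 0 only reflects the filesystem; where the directory is kept but blocked in the web server configuration, confirm the block with an HTTP request from outside.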