Описание
REDAXO allows Arbitrary File Upload in the mediapool page
Summary
An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware.
Details
On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary file upload.
PoC
- Log in to the portal then navigate to
Mediapool. - Upload a png file (ex: poc.png)
- Intercept the upload HTTP request on burp suite and change
filename: poc.1html,Content-Type:image/htmland insert the malicious html code. (ex:<IFRAME SRC="javascript:alert(1);"></IFRAME>)
-
Forward the request.
-
Navigate to the file.
Impact
Exploiting an arbitrary file upload vulnerability enables attackers to execute malicious code on a server.
Пакеты
Наименование
redaxo/source
composer
Затронутые версииВерсия исправления
< 5.18.3
5.18.3
Связанные уязвимости
CVSS3: 5.4
nvd
11 месяцев назад
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3.