Skip to content

Instantly share code, notes, and snippets.

@Hadi999
Created October 24, 2022 22:08
Embed
What would you like to do?
CVE-2022-40797
> [Suggested description]
> Roxy Fileman 1.4.6 suffers from a Remote Code Execution (RCE)
> vulnerability caused by a weak upload control.
>
> ------------------------------------------
>
> [Additional Information]
> The Vendor website is down, in order to download the application we must use Internet Archive.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> Roxyfileman
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Roxy Fileman - 1.4.6
>
> ------------------------------------------
>
> [Affected Component]
> In the configuration file 'conf.json' which is a JSON array, the key "FORBIDDEN_UPLOADS" contains as value all the file extensions forbidden such as php php4 php5.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> In order to exploit this Vulnerability, an attacker needs to upload a PHP file using the following extension .phar , this extension isn't forbidden by the upload form.
>
> ------------------------------------------
>
> [Reference]
> https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php
>
> ------------------------------------------
>
> [Discoverer]
> Hadi Mene
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment