Created October 24, 2022 22:08
CVE-2022-40797
> [Suggested description]
> Roxy Fileman 1.4.6 suffers from a Remote Code Execution (RCE)
> vulnerability caused by a weak upload control.
>
> ------------------------------------------
>
> [Additional Information]
> The vendor website is down; to download the application, the Internet Archive must be used.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> Roxyfileman
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Roxy Fileman - 1.4.6
>
> ------------------------------------------
>
> [Affected Component]
> In the configuration file 'conf.json' (a JSON array), the key "FORBIDDEN_UPLOADS" holds as its value the list of forbidden upload extensions, such as php, php4 and php5.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit this vulnerability, an attacker uploads a PHP file with the .phar extension, which the upload form does not forbid.
>
> ------------------------------------------
>
> [Reference]
> https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php
>
> ------------------------------------------
>
> [Discoverer]
> Hadi Mene
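The Affected Component and Attack Vectors sections describe an extension blocklist that omits phar. The following added example (written for this page, not Roxy Fileman's own code) models that blocklist-only policy beside a hardened policy that adds an allowlist, and includes a small audit check a defender can run against a conf.json; the space-separated string format and the `ALLOWED_UPLOADS` key name are assumptions.

```python
import json
import os

# Constructed stand-in for the upload-policy part of a conf.json like the one the
# advisory describes: php php4 php5 are forbidden, phar is not. The value format and
# the ALLOWED_UPLOADS key are assumptions, not copied from the real configuration.
WEAK_CONF = json.loads(
    '{"FORBIDDEN_UPLOADS": "exe php php4 php5", "ALLOWED_UPLOADS": ""}'
)

# Hardened policy: phar added to the blocklist, and a non-empty allowlist of the
# file types the file manager is actually meant to accept.
HARDENED_CONF = json.loads(
    '{"FORBIDDEN_UPLOADS": "exe php php4 php5 phar", '
    '"ALLOWED_UPLOADS": "jpg jpeg png gif pdf"}'
)


def _ext(filename):
    """Last extension of the filename, lower-cased so comparisons are case-insensitive."""
    return os.path.splitext(filename)[1].lstrip(".").lower()


def _exts(value):
    """Parse a space-separated extension string into a lower-cased set."""
    return {e.lower() for e in value.split()}


def upload_allowed(filename, conf):
    """Return True if the filename passes the policy in conf.

    The blocklist is checked first. If ALLOWED_UPLOADS is non-empty, the
    extension must also be on the allowlist. Files with no extension are rejected.
    """
    ext = _ext(filename)
    if not ext or ext in _exts(conf.get("FORBIDDEN_UPLOADS", "")):
        return False
    allowed = _exts(conf.get("ALLOWED_UPLOADS", ""))
    return not allowed or ext in allowed


def audit(conf):
    """List policy weaknesses relevant to CVE-2022-40797 for a loaded conf.json."""
    findings = []
    if "phar" not in _exts(conf.get("FORBIDDEN_UPLOADS", "")):
        findings.append("phar not in FORBIDDEN_UPLOADS")
    if not _exts(conf.get("ALLOWED_UPLOADS", "")):
        findings.append("blocklist-only policy: ALLOWED_UPLOADS is empty")
    return findings
```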