CVE-2022-45896 in eStream
Summary
by MITRE • 12/25/2022
Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.
Analysis
by VulDB Data Team • 04/14/2025
The vulnerability identified as CVE-2022-45896 affects Planet eStream versions prior to 6.72.10.07 and represents a critical security flaw in the file upload functionality of the application. This vulnerability exists within the media management system where users can upload video content, related media files, or documents through multiple upload endpoints. The flaw stems from insufficient input validation and authentication checks that allow any remote attacker to bypass security controls and upload arbitrary files to the server without proper authorization.
The vulnerability involves two upload endpoints: Upload2.ashx and Ajax.asmx/ProcessUpload2. These endpoints lack proper authentication mechanisms and file type validation, creating a pathway for malicious actors to upload potentially dangerous files such as web shells, executable binaries, or other malicious payloads. The absence of proper access control checks means that any user, authenticated or not, can leverage these endpoints to perform unauthorized file uploads. This is a classic insecure file upload vulnerability, in which the application fails to properly validate file contents, extensions, or MIME types against a whitelist of acceptable formats.
The operational impact of this vulnerability is severe and potentially catastrophic for organizations using affected Planet eStream installations. Successful exploitation allows attackers to achieve remote code execution on the target server, providing them with complete control over the affected system. This means attackers can execute arbitrary commands, escalate privileges, access sensitive data, install backdoors, or use the compromised server as a launching point for further attacks within the network. The vulnerability essentially transforms the media management system into a weaponized entry point for broader security breaches, potentially affecting entire enterprise infrastructures that rely on the platform for content distribution and management.
Organizations should immediately implement multiple layers of defense to mitigate this vulnerability. The primary mitigation is to apply the vendor-provided patch or upgrade to Planet eStream version 6.72.10.07 or later, which addresses the authentication and validation issues in the upload endpoints. Additionally, network segmentation should be implemented to limit access to the affected upload endpoints, and strict file type validation should be enforced at the application level. The principle of least privilege should be applied to restrict upload capabilities to only authorized users, and monitoring should be enabled to detect suspicious upload activities. From a compliance perspective, this vulnerability aligns with CWE-434, which addresses insecure file upload vulnerabilities, and it maps to ATT&CK technique T1195.001 for the use of a web shell for remote access and execution. Organizations should also consider implementing web application firewalls to block malicious upload attempts and establish robust incident response procedures to quickly detect and respond to potential exploitation attempts.
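The monitoring step above can start from the web server's own request logs. The following is an added example, not code from the vendor or from VulDB: it scans IIS W3C extended logs for POST requests to the two endpoints named in this entry that carry no user name. It assumes W3C logging with the `cs-username` field enabled and that a value of `-` means the request was anonymous; the sample log, paths and user name are constructed.

```python
import re

# Endpoint names come from the advisory. Their directory is not given there,
# so only the end of the URI stem is matched (case-insensitive, as on IIS).
UPLOAD_ENDPOINTS = re.compile(r"/(upload2\.ashx|ajax\.asmx/processupload2)$", re.I)

# Constructed sample log (documentation IP ranges, made-up user and paths).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2023-01-10 09:14:02 POST /Upload2.ashx jsmith 192.0.2.10 200
2023-01-10 09:15:40 GET /Upload2.ashx - 198.51.100.23 200
2023-01-10 09:15:41 POST /upload2.ashx - 198.51.100.23 200
2023-01-10 09:15:44 POST /Ajax.asmx/ProcessUpload2 - 198.51.100.23 200
2023-01-10 09:16:00 POST /Default.aspx jsmith 192.0.2.10 200
truncated line
"""

def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def anonymous_uploads(lines):
    """Return POSTs to the upload endpoints logged without a user name."""
    hits = []
    for rec in parse_w3c(lines):
        if rec.get("cs-method", "").upper() != "POST":
            continue
        if not UPLOAD_ENDPOINTS.search(rec.get("cs-uri-stem", "")):
            continue
        if rec.get("cs-username", "-") != "-":  # assumption: "-" means anonymous
            continue
        hits.append((rec.get("date"), rec.get("time"), rec.get("c-ip"),
                     rec["cs-uri-stem"], rec.get("sc-status")))
    return hits

if __name__ == "__main__":
    for hit in anonymous_uploads(SAMPLE_LOG.splitlines()):
        print(*hit)
```

If the application's own login never populates `cs-username`, every POST to these endpoints will be returned, and each hit should be treated as a candidate for review rather than a confirmed anonymous upload.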