Submit #259240: gopeak MasterLab ≤v3.3.10 File Upload

Title: gopeak MasterLab ≤v3.3.10 File Upload
Description: MasterLab, a project management tool for team collaboration on tasks and projects, contains a backend PHP file upload vulnerability in versions up to and including v3.3.10. The flaw is in the setProfile function of app/ctrl/User.php, in its handling of image uploads for user avatars. The function accepts Base64-encoded image data that includes a MIME type declaration; it decodes the data and uses the declared MIME type as the file extension without proper validation, never checking whether the actual file content matches the declared type. Exploitation is feasible by crafting a request that uploads a file containing harmful code disguised as an image (e.g., a PHP script masquerading as an image file). In the provided HTTP POST request example, an attacker sets the image parameter to Base64-encoded PHP code (a simple phpinfo() call in this case) and falsely declares its MIME type as image/php, thereby bypassing any file type checks. Once uploaded, the attacker can potentially execute the PHP code by accessing the user avatar's URL, which may lead to remote server control or other malicious activity. The vulnerability can be used for server-side code execution, web shell deployment, data leakage and similar attacks, and poses a significant security risk. Users of MasterLab are advised to update to the latest version promptly.
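The defensive counterpart to the flaw described above, as an added example that is not MasterLab's own code: a hardened avatar handler that allow-lists the declared MIME type, verifies the decoded bytes really are an image of that type, and never derives the stored extension from the request. The function names and the AVATAR_ALLOWED map are assumptions of this example.

```php
<?php
// Added example, not MasterLab code. Input is a Base64 data URI such as
// "data:image/png;base64,...". The vulnerable pattern turns the declared
// MIME type into the file extension; this version treats it as a hint only.

const AVATAR_ALLOWED = [          // assumed allow-list: declared MIME => extension
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Returns [extension, bytes] for an acceptable avatar, or null to reject it.
function parseAvatarDataUri(string $dataUri): ?array
{
    // Accept only the exact data-URI shape expected; capture the MIME type.
    if (!preg_match('#^data:([a-z]+/[a-z0-9.+-]+);base64,(.+)$#s', $dataUri, $m)) {
        return null;
    }
    $declared = strtolower($m[1]);
    if (!isset(AVATAR_ALLOWED[$declared])) {
        return null;                     // image/php, text/html, ... rejected here
    }
    $bytes = base64_decode($m[2], true); // strict mode: reject non-Base64 characters
    if ($bytes === false || strlen($bytes) > 2 * 1024 * 1024) {
        return null;                     // undecodable or over the size limit
    }
    // Check the content, not the label: getimagesizefromstring() parses the
    // image header and reports the MIME type of the actual bytes.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || ($info['mime'] ?? '') !== $declared) {
        return null;                     // declared type and real content disagree
    }
    return [AVATAR_ALLOWED[$declared], $bytes];
}

// Stores an accepted avatar under a server-generated name and returns that name.
function saveAvatar(string $dataUri, string $avatarDir): ?string
{
    $parsed = parseAvatarDataUri($dataUri);
    if ($parsed === null) {
        return null;
    }
    [$ext, $bytes] = $parsed;
    // The extension comes from the allow-list and the name is random, so no
    // part of the path is attacker-controlled.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return file_put_contents($avatarDir . '/' . $name, $bytes) === false ? null : $name;
}
```

A polyglot file can still be a valid image, so the content check is not sufficient on its own: the allow-listed extension and an avatar directory with script execution disabled are what keep an uploaded file from ever being run as PHP.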
Source: https://note.zhaoj.in/share/affd8cjn50HC
User: glzjin (UID 59815)
Submission: 28.12.2023 09:24 (2 years ago)
Moderation: 28.12.2023 09:34 (10 minutes later)
Status: Accepted
VulDB Entry: 249150 [gopeak MasterLab up to 3.3.10 app/ctrl/User.php base64ImageContent image privilege escalation]
Points: 20
