A critical vulnerability (CVE-2022-3771) has been discovered in the popular content management system (CMS), easyii CMS. It affects the function file in the helper file Upload.php, which is part of the File Upload Management component. The vulnerability is particularly dangerous because it enables unrestricted file uploads and can be initiated remotely. As a result, attackers can potentially exploit it to compromise the security of affected websites and gain unauthorized access. The vulnerability has been assigned the identifier VDB-212501.

Details of the Vulnerability

The unrestricted file upload vulnerability in easyii CMS is tied to the File Upload Management component within the framework. As part of this component, the helper's file Upload.php is responsible for handling file uploads on the website.

The critical flaw lies in this specific file, as an attacker can manipulate it, allowing them to bypass any upload restrictions set forth by the administrators. Consequently, an attacker can remotely upload malicious files, such as PHP web shells or other malware, without any permissions or checks. Once uploaded, the attacker can execute malicious scripts or commands, ultimately compromising the security of the website.

The affected code snippet in the vulnerable Upload.php file is shown below:

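// Runs for any request that carries an uploaded file.
if ($_FILES) {
    // The destination keeps the client-supplied file name, extension included.
    $target = $path . '/' . basename($_FILES['myfile']['name']);
    // The file is moved into place with no file type, extension or MIME type check.
    if (move_uploaded_file($_FILES['myfile']['tmp_name'], $target)) {
        echo 'File uploaded successfully.';
    } else {
        echo 'File upload failed.';
    }
}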

The code snippet shows that the CMS performs no security checks on uploaded files, such as validating the file type or MIME type. An attacker can therefore upload any file, bypassing whatever restrictions the administrators intended to enforce.

Exploiting the Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP POST request with malicious files to the target web server running the easyii CMS. Below is a sample cURL command to demonstrate the exploit:

curl -X POST -H "Content-Type: multipart/form-data" -F "myfile=@path/to/malicious_file" http://target_site.com/upload

The vulnerability (CVE-2022-3771) has been reported in the following references:

- Vulnerability Disclosure: easyii CMS Unrestricted File Upload
- CVE-2022-3771: Detailed Information

Conclusion

The CVE-2022-3771 vulnerability in easyii CMS is a critical security issue that has the potential to compromise the security of the affected websites. Administrators using easyii CMS should take proactive steps to mitigate the risks associated with this vulnerability and apply any available patches as soon as possible.

In the meantime, it is essential to implement strict file upload policies on web applications. Ensure that only authorized users can upload files, and restrict the types of files that can be uploaded. By following these practices, you can minimize the risk of potential attacks leveraging vulnerabilities like CVE-2022-3771.
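
As a sketch of what restricting uploaded file types can look like, here is an added example of a hardened handler; it is not easyii's code or its official patch. The function name storeUpload, the allowlist, the size cap and the storage path are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical hardened handler, not easyii's code or its patch.
// Assumed policy: images and PDFs only, 2 MiB cap, storage outside the web root.
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];
const MAX_BYTES = 2 * 1024 * 1024;

/**
 * Validate one $_FILES entry and move it into $storageDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function storeUpload(array $file, string $storageDir): string
{
    if (!isset($file['error'], $file['tmp_name'], $file['size'])
        || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed request.');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size outside the allowed range.');
    }
    // Detect the type from the file contents; the client-supplied name and
    // Content-Type are attacker-controlled and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }
    // Server-generated name with an extension taken from the allowlist, so a
    // name such as "shell.php" or "x.php.jpg" never reaches the file system.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $target = rtrim($storageDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the uploaded file.');
    }
    return $name;
}

// Usage inside a controller, after the caller's authorization check
// (the field name 'myfile' matches the snippet above; the path is a placeholder):
// $stored = storeUpload($_FILES['myfile'], '/srv/app/private-uploads');
```

Content sniffing alone can be fooled by files that are valid in more than one format, so the allowlisted extension and a storage directory the web server never executes from are what keep an uploaded script from running.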

Timeline

Published on: 10/31/2022 14:15:00 UTC
Last modified on: 11/01/2022 14:08:00 UTC