CVE-2022-43074 AyaCMS v3.1.2 had an arbitrary file upload vulnerability via the /admin/fst_upload.inc.php component.

CVE-2022-43074 AyaCMS v3.1.2 had an arbitrary file upload vulnerability via the /admin/fst_upload.inc.php component.

An attacker can upload a PHP file via the component /admin/fst_upload.inc.php and then upload a file with a malicious code or execute a PHP code via the component /admin/fst_upload.inc.php. An attacker needs to only guess the name of the uploaded file. The following code contains the file upload method:

?php /* This method allows administrators to upload a file */ if(isset($_FILES[‘f’]->name) && $_FILES[‘f’]->is_file()) { // Check if file exists if(!$this->_fst->_check(‘upload’, $file)) { // If file doesn't exist, create it $this->_fst->create(array(‘fid’ => $file->fid, ‘type’ => ‘upload’, ‘upload’ => ‘’, ‘size’ => 0, ‘ext’ => ‘jpg’, ‘key’ => ‘’, ‘name’ => ‘’, ‘mime’ => ‘’, ‘created’ => new \DateTime(’now’))); } } ?> The following code contains a remote code execution method:

input type=”file

output script

input type=”submit”

?php if($_FILES[‘f’]->name) {
The following code contains the attack vector:

input type=”image ”

!

/usr/bin/env php

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe