RCE via upload addon plugin
It was identified that an authenticated user (admin) has the possibility to upload malicious files without any restriction. In this specific case, arbitrary server side PHP code such as web shells can be uploaded. As a result the attacker can run arbitrary code on the server side with the privileges of the web server. This could lead to a full system compromise.
To Reproduce
Steps to reproduce the behavior:
Login to flatcore CMS (admin user)
Click on 'Addons'
Click on 'Install'
Click on 'Plugin'
Choose a malicious PHP file (reverse shell, web shell...), example is shell.php
In order to install addons afterwards, the upload of PHP files must be possible. Everyone should be aware that this can lead to security problems.
I think I'll add a "super admin" to rights management. Possibly with an additional password entry before the upload can start. And additional safety information.
Or do you have an idea how to add addons to the system?
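One way to implement the mitigation proposed above, as an added example that is not flatCore's own code: the addon upload handler is reached only by a dedicated super-admin role, and only after the password has been re-entered. The session keys, form field names and the way the stored password hash is obtained are assumptions.

```php
<?php
// Added example, not flatCore code: gate the addon upload behind the
// "super admin" role and a fresh password confirmation. Session keys,
// form field names and the user store are assumptions.
declare(strict_types=1);

const ADDON_REAUTH_WINDOW = 300; // seconds a password confirmation stays valid

// Returns [allowed, reason]; the caller rejects the upload unless allowed.
function authorizeAddonUpload(array &$session, array $post, ?string $storedHash, int $now): array
{
    // Installing an addon means running arbitrary PHP on the server, so it is
    // reserved for a dedicated role rather than every admin account.
    if (($session['role'] ?? '') !== 'superadmin') {
        return [false, 'addon installation requires the super-admin role'];
    }
    // CSRF token compared in constant time, so a logged-in super admin cannot
    // be made to submit an addon upload from another site.
    if (!hash_equals((string)($session['csrf'] ?? ''), (string)($post['csrf'] ?? ''))) {
        return [false, 'invalid CSRF token'];
    }
    // Step-up authentication: a hijacked session alone is not enough, the
    // password must be re-entered and is only cached for a short window.
    $confirmedAt = (int)($session['addon_reauth_at'] ?? 0);
    if ($confirmedAt + ADDON_REAUTH_WINDOW <= $now) {
        $supplied = (string)($post['confirm_password'] ?? '');
        if ($storedHash === null || $supplied === '' || !password_verify($supplied, $storedHash)) {
            return [false, 'password confirmation required before uploading addons'];
        }
        $session['addon_reauth_at'] = $now;
    }
    // Every install attempt that passes the gate is worth an audit line.
    error_log(sprintf('addon upload authorized for user %s at %d',
        (string)($session['user_id'] ?? '?'), $now));
    return [true, 'ok'];
}

// Constructed demo data (not real accounts): a super admin with a known password.
$hash    = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
$session = ['user_id' => 1, 'role' => 'superadmin', 'csrf' => 'tok123'];
$now     = time();

// First attempt: valid role and CSRF token, but no password confirmation.
[$ok, $why] = authorizeAddonUpload($session, ['csrf' => 'tok123'], $hash, $now);
echo 'without password: ', $ok ? 'allowed' : "denied ($why)", PHP_EOL;

// Second attempt: the password is re-entered, so the upload may proceed.
[$ok, $why] = authorizeAddonUpload($session,
    ['csrf' => 'tok123', 'confirm_password' => 'correct horse battery staple'], $hash, $now);
echo 'with password: ', $ok ? 'allowed' : "denied ($why)", PHP_EOL;
```

The actual file handling (moving the archive, extracting it) runs only after this function returns allowed; the upload form would additionally carry the safety notice the reply mentions.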
Additional context
This vulnerability is extremely serious affecting the system. An attacker can take control of the entire server.