CVE-2021-41675
Vendor
Author and redevelopment of the PoC
nu11secur1ty
First cool ;) Idea:
- Thank you, dear friend!
Janik Wehrli
Description:
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getimagesize(). More about the function: https://www.php.net/manual/en/function.getimagesize.php

An attacker can upload malicious RCE files that bypass this check and can then use directory traversal to navigate to the /uploaded_photos/ directory, which is a second, and the actual, problem of this system. Because the system does no sanitizing around getimagesize(), the attacker can execute the malicious RCE code and then retrieve all sensitive information about the application on this server, as well as the whole architecture of the server.

CONCLUSION: There is no proper sanitization around the getimagesize() function, and the /uploaded_photos/ directory is not correctly protected.
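A hardened upload routine for the getimagesize()-only check described above, given as an added example that is not code from the E-Negosyo application or from the PoC author. The function name `storeUploadedImage`, the constants and the size limit are assumptions; it needs PHP 8 with the fileinfo and gd extensions. The PHP manual itself cautions against using getimagesize() to decide whether a file is a valid image and points to the Fileinfo extension instead.

```php
<?php
declare(strict_types=1);
// Added example, not the application's code. Assumed names: storeUploadedImage,
// ALLOWED_TYPES, MAX_BYTES. Requires PHP 8 with the fileinfo and gd extensions.
const ALLOWED_TYPES = [              // detected MIME type => extension chosen by the server
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024;   // constructed limit for the example

function storeUploadedImage(array $file, string $destDir): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Upload failed');
    }
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Type comes from the file content, never from $file['type'] or the client file name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('Unsupported file type');
    }

    // Decode with GD and write a fresh image: only pixel data is kept, so bytes
    // appended to or embedded in the original upload do not reach the disk.
    $img = @imagecreatefromstring((string) file_get_contents($tmp));
    if ($img === false) {
        throw new RuntimeException('Not a decodable image');
    }

    // Random server-side name: the client name never touches the filesystem,
    // which removes both the extension choice and any "../" path component.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $path = rtrim($destDir, '/') . '/' . $name;
    $ok = match ($ext) {
        'jpg' => imagejpeg($img, $path, 90),
        'png' => imagepng($img, $path),
        'gif' => imagegif($img, $path),
    };
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    return $name;
}
```

The /uploaded_photos/ directory should also be served with script execution and directory listing disabled, so that a file which slips past the checks is returned as data rather than run.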
