Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Project Pier Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

An unauthenticated arbitrary file upload vulnerability has been identified in Project Pier versions through 0.8.8. The issue resides in the file upload handler, which fails to properly validate file types or require authentication. This flaw enables remote attackers to upload malicious PHP files to a directory accessible via the web. Once uploaded, the files can be executed by accessing their URLs, leading to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be leveraged to execute malicious PHP scripts on the server, resulting in remote code execution.

Reproduction

The vulnerability can be reproduced by uploading a PHP file through the application's file upload feature, which is accessible without authentication. The uploaded file is saved in a web-accessible directory with a predictable filename format, allowing for easy execution by requesting the file's URL. This vulnerability has been successfully exploited using a Metasploit module.
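The handler the advisory describes is missing three controls: an authentication check, file-type validation, and non-guessable storage outside the web root. The following added example (not Project Pier's code) shows a hardened handler that supplies all three; UPLOAD_DIR, the session key and the form field name are assumptions.

```php
<?php
// Added example (not Project Pier code): a hardened upload handler that closes
// the gaps the advisory describes: no authentication check, no file-type
// validation, and web-reachable storage under a predictable name.
// UPLOAD_DIR, the form field name and the session key are assumptions.
const UPLOAD_DIR = '/var/www/projectpier-data/uploads'; // assumed: outside the web root
const ALLOWED = ['pdf' => 'application/pdf', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'txt' => 'text/plain'];

function require_login(): void {
    session_start();
    if (empty($_SESSION['user_id'])) { // assumed session key
        http_response_code(401);
        exit('authentication required');
    }
}

// Returns the allow-listed extension, or throws when the upload is rejected.
function validate_upload(array $file): string {
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Extension allow-list on the client-supplied name; that name is never reused for storage.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-side content sniffing must agree with the extension, so a script renamed to .png is rejected.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    return $ext;
}

// Stores under a random name with the allow-listed extension and no execute bit.
function store_upload(array $file, string $ext): string {
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return basename($dest); // hand out via a download script, never by direct URL
}

require_login();
try {
    $file = $_FILES['attachment'] ?? ['error' => UPLOAD_ERR_NO_FILE]; // assumed field name
    echo store_upload($file, validate_upload($file));
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

Pair the handler with a web-server rule that refuses to execute scripts from the upload directory, so that even a validation bypass cannot reach the PHP interpreter.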

Added: Aug 8, 2025, 7:52 PM
Updated: Aug 8, 2025, 9:12 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 10.0
exploitability: 9.8
remediation: 0.0
relevance: 0.3
threat: 9.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.