Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

XODA Document Management System Unauthenticated PHP File Upload Vulnerability Allowing Arbitrary Code Execution

Vulnerability

An unauthenticated file upload vulnerability has been identified in XODA Document Management System version 0.4.5. It allows remote attackers to upload arbitrary PHP files to the server, where they can then be executed, leading to unauthorized code execution. The issue arises because the file upload feature does not properly validate or restrict the types of files that can be uploaded: a multipart/form-data POST request carrying a PHP file is accepted, and the uploaded file is then executed by a subsequent GET request to its location.
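The root cause above is an upload handler that trusts the client-supplied filename and content. The following is an added example (not XODA's code, and not taken from the advisory) of the validation an upload handler should perform before storing anything: strip path components, reject any name containing a server-executable extension (which also catches double extensions such as report.pdf.php), require the final extension to be on an allowlist, check the leading bytes against the declared type, and store the file under a server-chosen random name. The allowlist and executable-extension sets are assumptions chosen for the example.

```python
import os
import secrets

# Extensions the application legitimately stores. This set is an assumption
# for the example; the page does not describe XODA's own allowlist.
ALLOWED_EXT = {"pdf", "png", "jpg", "jpeg", "txt"}

# Extensions a typical PHP-enabled web server may hand to the interpreter.
# Any one of these anywhere in the name is rejected, which also covers
# double-extension names such as "report.pdf.php" or "report.php.txt".
SERVER_EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}

# Leading bytes ("magic numbers") expected for the allowed binary types.
MAGIC = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}


def validate_upload(client_filename: str, content: bytes) -> tuple[bool, str, str]:
    """Return (accepted, reason, stored_name).

    stored_name is a server-chosen random name carrying only the validated
    extension, so nothing the client supplies becomes part of the on-disk path.
    """
    # Only the last path component matters; this discards any "../" traversal
    # and any Windows-style directory separators.
    name = os.path.basename(client_filename.replace("\\", "/"))

    # Split on dots and drop empty segments, so ".htaccess" or "file." end up
    # with a single segment and are rejected as having no extension.
    parts = [p.lower() for p in name.split(".") if p]
    if len(parts) < 2:
        return False, "filename has no extension", ""

    exts = parts[1:]
    if any(e in SERVER_EXECUTABLE_EXT for e in exts):
        return False, "server-executable extension present", ""

    ext = exts[-1]
    if ext not in ALLOWED_EXT:
        return False, f"extension .{ext} not in allowlist", ""

    # The declared type must match the content; a PHP script named .pdf fails here.
    if ext in MAGIC and not any(content.startswith(m) for m in MAGIC[ext]):
        return False, "content does not match declared type", ""

    stored = f"{secrets.token_hex(16)}.{ext}"
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed inputs illustrating each rejection path and one accepted upload.
    samples = [
        ("shell.php", b"<?php echo 1; ?>"),
        ("report.pdf.php", b"%PDF-1.4"),
        ("report.php.txt", b"hello"),
        ("report.pdf", b"<?php echo 1; ?>"),
        ("../../report.pdf", b"%PDF-1.4 constructed"),
    ]
    for fname, data in samples:
        print(fname, "->", validate_upload(fname, data))
```

The stored name should additionally be written to a directory that the web server serves as static content only (no script handler), so that even a validation miss cannot turn an upload into code execution.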

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where XODA is installed.

Reproduction

To reproduce this vulnerability, send a POST request to the XODA upload endpoint with a crafted multipart/form-data payload that includes a PHP file. The uploaded file will be placed in the web-accessible files directory. After the file is uploaded, send a GET request to execute the PHP file, which will trigger the uploaded payload.
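Because the page reports active exploitation, the sequence it describes (a POST to the upload endpoint followed by a GET for a .php file in the web-accessible files directory) is also the detection signature a defender can run over web server access logs. The following is an added example, not part of the advisory and not XODA's code, that parses combined-format access log lines and raises a high-severity alert when the same client requests a .php path under the files directory shortly after posting to the upload endpoint, and a medium-severity alert for any .php request under that directory at all, since a document store should never serve scripts. The endpoint path (/xoda/upload.php), the files directory prefix (/xoda/files/), the ten-minute window and the log lines are all constructed assumptions; substitute the real paths from your deployment.

```python
import re
from datetime import datetime, timedelta

# Assumed paths for the example; the advisory does not name XODA's upload
# handler or its files directory. Replace with the values from your install.
UPLOAD_ENDPOINT = "/xoda/upload.php"
FILES_DIR_PREFIX = "/xoda/files/"
PHP_EXTS = (".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps")

# Apache/nginx combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse(line: str):
    """Parse one access log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["path"] = entry["path"].split("?", 1)[0]  # drop the query string
    return entry


def find_upload_then_execute(lines, window=timedelta(minutes=10)):
    """Return alerts for .php requests under the files directory.

    Severity is "high" when the same client posted to the upload endpoint
    within the window beforehand, otherwise "medium".
    """
    uploads = {}  # client ip -> timestamps of POSTs to the upload endpoint
    alerts = []
    for raw in lines:
        e = parse(raw)
        if e is None:
            continue
        if e["method"] == "POST" and e["path"] == UPLOAD_ENDPOINT:
            uploads.setdefault(e["ip"], []).append(e["ts"])
            continue
        if (e["method"] == "GET"
                and e["path"].startswith(FILES_DIR_PREFIX)
                and e["path"].lower().endswith(PHP_EXTS)):
            recent = [t for t in uploads.get(e["ip"], [])
                      if timedelta(0) <= e["ts"] - t <= window]
            alerts.append({
                "ip": e["ip"],
                "path": e["path"],
                "status": e["status"],
                "severity": "high" if recent else "medium",
                "upload_at": max(recent).isoformat() if recent else None,
            })
    return alerts


# Constructed sample log lines: one upload-then-execute sequence, one benign
# upload followed by a PDF download, and one stray probe for a script.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2025:19:02:11 +0000] "POST /xoda/upload.php HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [08/Aug/2025:19:02:13 +0000] "GET /xoda/files/x.php HTTP/1.1" 200 73 "-" "curl/8.5.0"',
    '198.51.100.9 - - [08/Aug/2025:19:05:40 +0000] "POST /xoda/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [08/Aug/2025:19:05:42 +0000] "GET /xoda/files/report.pdf HTTP/1.1" 200 9013 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [08/Aug/2025:19:30:01 +0000] "GET /xoda/files/old.php HTTP/1.1" 404 196 "-" "python-requests/2.32"',
    'this line is not a log entry',
]

if __name__ == "__main__":
    for alert in find_upload_then_execute(SAMPLE_LOG):
        print(alert)
```

Running it on the constructed lines yields one high alert for 203.0.113.7 and one medium alert for 192.0.2.44; the benign PDF download is not flagged. In production, feed the function a streaming tail of the access log and forward the high alerts to the SOC queue.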

Added: Aug 8, 2025, 7:39 PM
Updated: Aug 8, 2025, 9:00 PM

Vulnerability Rating

Custom Algorithm
  spread           0.0
  impact          10.0
  exploitability   9.1
  remediation      0.0
  relevance        0.3
  threat           9.4
  urgency          2.9
  incentive        5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.