NodeBB Plugin Emoji Arbitrary File Write Vulnerability
Vulnerability
An arbitrary file write vulnerability has been identified in NodeBB Plugin Emoji version 3.2.1. This vulnerability allows administrative users to write files to arbitrary locations on the system via the emoji upload API. By exploiting directory traversal in the file path parameter, attackers with admin access can overwrite system files.
Impact
Exploitation of this vulnerability could lead to unauthorized file modifications, including the overwriting of critical system files.
Reproduction
To reproduce this vulnerability, an administrative user must log into a NodeBB instance with the vulnerable version of the emoji plugin installed. Once logged in, the user can access the emoji upload API through the admin panel. By crafting a file upload request that includes directory traversal sequences in the file path parameter, it is possible to overwrite arbitrary files on the server.
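The traversal described above comes down to joining a client-supplied file name onto a base directory without checking where the result lands. The following added example (not the plugin's code; `UPLOAD_DIR`, `naiveTarget`, `safeTarget` and `check` are hypothetical names, and the file names are constructed) shows that weak pattern beside a containment check in Node.js.

```javascript
'use strict';
const path = require('path');

// Hypothetical upload directory, not the plugin's real path.
const UPLOAD_DIR = '/srv/nodebb/public/uploads/emoji';

// Weak pattern: the client-supplied name is joined to the base directory
// as-is, so "../" segments in it walk out of that directory.
function naiveTarget(baseDir, fileName) {
  return path.join(baseDir, fileName);
}

// Hardened pattern: resolve the final path first, then verify that it is
// still strictly inside baseDir before anything is written.
function safeTarget(baseDir, fileName) {
  // Reject non-strings, empty names, NUL bytes and backslashes up front.
  if (typeof fileName !== 'string' || fileName === '' || /[\0\\]/.test(fileName)) {
    throw new Error('invalid file name');
  }
  const base = path.resolve(baseDir);
  const target = path.resolve(base, fileName); // an absolute fileName replaces base here
  const rel = path.relative(base, target);
  const escapes = rel === '' || rel === '..' ||
    rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    throw new Error('path escapes upload directory');
  }
  return target;
}

// Returns the resolved path for an accepted name, or null for a rejected one.
function check(fileName) {
  try {
    return safeTarget(UPLOAD_DIR, fileName);
  } catch (err) {
    return null;
  }
}

// Constructed sample names, run through both functions.
for (const name of ['smile.png', 'custom/../smile.png',
  '../../../../../tmp/constructed.txt', '/tmp/constructed.txt']) {
  console.log(JSON.stringify(name), '| naive:', naiveTarget(UPLOAD_DIR, name),
    '| checked:', check(name));
}
```

The check is lexical only; if the upload directory can contain symlinks, compare `fs.realpath` results for the base and the target's parent directory as well.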
