Aero CMS PHP Code Injection Vulnerability

Vulnerability

A PHP code injection vulnerability exists in Aero CMS version 0.0.1 that allows an authenticated attacker to execute arbitrary PHP code. The flaw is an unrestricted file upload: the image parameter of the admin posts.php endpoint accepts a PHP file when the source parameter is set to add_post, and the server stores the upload where it is later executed as PHP rather than treating it as image data.

Impact

Exploitation of this vulnerability allows for arbitrary PHP code execution on the server.

Reproduction

To reproduce this vulnerability, authenticate as a user with permission to access the admin posts.php endpoint. Once authenticated, navigate to the posts.php page and select the option to add a new post. In the image upload section, upload a PHP file containing malicious code, such as a payload that, when executed, performs an action like a DNS lookup to a domain controlled by the attacker. After uploading the file, complete the post creation process. The server will execute the embedded PHP code, demonstrating the vulnerability.
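The core defect above is an image-upload field that never checks whether the content is actually an image. The following audit script, added here as an illustration and not part of Aero CMS, classifies files the way a hardened upload handler would: it rejects executable PHP extensions (including double extensions), requires the magic bytes of an allowed image type, and flags any file that carries a PHP open tag even behind a valid image header. UPLOAD_DIR and the extension list are assumed placeholders; the page does not state where Aero CMS stores uploads.

```python
import os
import re

# Extensions a typical PHP handler executes (assumed list, adjust to your server config).
PHP_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
# Leading bytes a genuine image of each allowed type must start with.
IMAGE_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
# Matches "<?php" or the short echo tag "<?=", but not "<?xml".
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)

def classify(name: str, data: bytes) -> list[str]:
    """Return the reasons an upload should be rejected; an empty list means it looks like an image."""
    findings = []
    # "shell.php.png" ends in .png, so inspect every suffix, not just the last one.
    suffixes = {"." + part.lower() for part in name.split(".")[1:]}
    if suffixes & PHP_EXTENSIONS:
        findings.append("executable PHP extension")
    ext = os.path.splitext(name)[1].lower()
    magic = IMAGE_MAGIC.get(ext)
    if magic is None:
        findings.append("extension is not an allowed image type")
    elif not data.startswith(magic):
        findings.append("content does not match image magic bytes")
    # A valid header does not prove safety: a PHP tag appended to a real image is still code.
    if PHP_TAG.search(data):
        findings.append("contains a PHP open tag")
    return findings

def audit_directory(path: str) -> dict[str, list[str]]:
    """Walk an upload directory and report every file that fails classify()."""
    report = {}
    for root, _, files in os.walk(path):
        for fname in files:
            full = os.path.join(root, fname)
            with open(full, "rb") as fh:
                data = fh.read()
            reasons = classify(fname, data)
            if reasons:
                report[full] = reasons
    return report

if __name__ == "__main__":
    UPLOAD_DIR = "/var/www/aerocms/uploads"  # placeholder; set to the real upload path
    for path, why in audit_directory(UPLOAD_DIR).items():
        print(path, "->", ", ".join(why))
```

Run it against the web root's upload directory after patching to find files that slipped in before the fix; anything it reports should be removed and the matching web server logs reviewed.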

Added: May 10, 2026, 1:28 PM
Updated: May 10, 2026, 1:28 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 7.5
exploitability: 6.8
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.