Perfex CRM Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Perfex CRM versions prior to 3.2.1. An authenticated attacker can exploit it by sending a crafted HTTP POST request to the upload_sales_file endpoint. The rel_id parameter, which the endpoint uses to build the destination directory for the uploaded file, is not properly validated, so path traversal sequences in it cause the file to be written to a directory of the attacker's choosing instead of the designated upload directory. Uploading a PHP file into a web-served location in this way yields remote code execution in the context of the web server, and from there a complete compromise of the host.

Impact

Exploitation of this vulnerability allows an authenticated user to execute arbitrary code on the server hosting Perfex CRM, with the privileges of the web server or PHP process. Any user account able to attach files to sales records (for example invoice notes) is sufficient. Upgrading to Perfex CRM 3.2.1 or later removes the issue.

Reproduction

To reproduce this vulnerability, log into the Perfex CRM portal and navigate to the invoices section. Select any invoice and attach a file to its notes; the resulting request is a POST to the upload_sales_file endpoint. Intercept that request and replace the rel_id value with a path traversal sequence pointing outside the designated upload directory, while supplying a PHP file as the attachment. Because rel_id is not validated, the file is written to the traversed location; if that location is served by the web server, requesting the uploaded file executes the PHP code.
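The two input checks this bug calls for, written as an added example that is not part of the advisory or of Perfex CRM's own code: rel_id is accepted only as a plain positive integer, the directory derived from it is proven to stay under the upload root even if that first check were weakened, and the filename is reduced to its basename and checked against an allowlist that never admits a PHP extension, including in a middle segment such as "shell.php.jpg". The upload root, the allowlist, and the function names are assumptions made for the example, and it is written in Python rather than the application's PHP to show the logic independent of the framework.

```python
import os
import re

# Constructed for this example: the directory under which per-record sales
# uploads would live. Not a path taken from the Perfex CRM code base.
UPLOAD_BASE = "/var/www/crm/uploads/sales"

# Illustrative allowlist of document types a notes attachment might accept.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "txt", "csv", "xlsx", "docx"}

# Anything the web server might execute or interpret; never written to a
# served directory regardless of what the allowlist says.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "htaccess"}

# A record id is digits only: no slashes, dots, NUL bytes or sign characters.
REL_ID_RE = re.compile(r"^[1-9][0-9]{0,9}$")


def validate_rel_id(rel_id):
    """Return rel_id as an int if it is a plain positive integer string, else None."""
    if not isinstance(rel_id, str) or not REL_ID_RE.fullmatch(rel_id):
        return None
    return int(rel_id)


def resolve_upload_dir(rel_id, base_dir=UPLOAD_BASE):
    """Build the per-record directory and prove it stays under base_dir."""
    rid = validate_rel_id(rel_id)
    if rid is None:
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, str(rid)))
    # Defence in depth: refuse any resolved path that escapes the upload root,
    # so a weakened rel_id check above still cannot produce a traversal.
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def validate_filename(filename):
    """Return a safe basename, or None if the name is disallowed."""
    # Drop any directory component the client sent, for either separator.
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return None
    parts = name.lower().split(".")
    if len(parts) < 2:
        return None
    # Check every extension segment so "shell.php.jpg" is rejected too.
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:]):
        return None
    if parts[-1] not in ALLOWED_EXTENSIONS:
        return None
    return name


def check_upload(rel_id, filename, base_dir=UPLOAD_BASE):
    """Return (accepted, reason, destination_path) for an upload request."""
    target_dir = resolve_upload_dir(rel_id, base_dir)
    if target_dir is None:
        return (False, "invalid rel_id", None)
    name = validate_filename(filename)
    if name is None:
        return (False, "disallowed filename", None)
    return (True, "ok", os.path.join(target_dir, name))


if __name__ == "__main__":
    # Constructed inputs: one legitimate attachment and the kinds of values
    # an attacker would submit against the vulnerable endpoint.
    for rel_id, fname in [
        ("42", "quote.pdf"),
        ("../../../public", "shell.php"),
        ("42/../../public", "notes.pdf"),
        ("42", "shell.php"),
        ("42", "shell.php.jpg"),
        ("42", "..\\..\\shell.php"),
    ]:
        print(repr(rel_id), repr(fname), "->", check_upload(rel_id, fname))
```

The order matters: rel_id is checked before the filename, so a traversal attempt is rejected as "invalid rel_id" even when the attachment itself looks harmless, which is the signal worth logging for detection.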

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          2.6
impact          10.0
exploitability  6.2
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.