SOPlanning
cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*
- 1.53.00
A file upload bypass vulnerability has been identified in SOPlanning version 1.53.00, specifically within the file upload process handled by 'www/process/upload.php'. This vulnerability allows remote attackers to circumvent upload restrictions and potentially execute arbitrary code by uploading malicious files whose extensions are not properly filtered.
Exploitation of this vulnerability allows for arbitrary file uploads, which can lead to remote code execution on the server.
The vulnerability can be reproduced by uploading a file with a '.phtml' extension through the application's file upload feature. The upload will bypass the application's blacklist of disallowed file types, as the '.phtml' extension is not properly blocked. Once uploaded, the file can be executed on the server, leading to remote code execution. This vulnerability can also be exploited by using alternative file extensions such as '.pht', '.phar', or '.php3', which can achieve the same result.
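The following added example, which is not SOPlanning's code, shows why an extension blacklist misses the names listed above and how an allowlist combined with a server-generated file name closes the gap. Both extension lists and both function names are assumptions made for illustration.

```php
<?php
// Added illustration; not taken from www/process/upload.php.
// Both lists below are hypothetical.

// Blacklist: only rejects the extensions someone remembered to list.
const BLOCKED_EXTENSIONS = ['php', 'php5', 'exe', 'sh'];

// Allowlist: only the types the application actually needs.
const ALLOWED_EXTENSIONS = ['pdf', 'png', 'jpg', 'jpeg', 'txt', 'csv'];

// Weak check: anything not on the blacklist is accepted.
function blacklist_accepts(string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return !in_array($ext, BLOCKED_EXTENSIONS, true);
}

// Hardened check: returns the name to store the file under, or null to reject.
// Only the validated extension survives from the client-supplied name, so
// nothing else the client chose ends up in the stored file name.
function safe_stored_name(string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null; // also covers missing extensions and names like ".htaccess"
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names using the extensions mentioned in the advisory.
$samples = ['a.php', 'a.phtml', 'a.pht', 'a.phar', 'a.php3', 'report.PDF'];

foreach ($samples as $name) {
    printf(
        "%-12s blacklist: %-7s allowlist: %s\n",
        $name,
        blacklist_accepts($name) ? 'accept' : 'reject',
        safe_stored_name($name) ?? 'reject'
    );
}
```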
Users are advised to update to the latest version of SOPlanning, where this vulnerability has been patched.