Gleamtech FileVista Directory Traversal Vulnerability Allowing Code Execution and Privilege Escalation

Vulnerability

A directory traversal vulnerability has been identified in Gleamtech FileVista version 9.2.0.0. This vulnerability allows remote attackers to execute code, disclose information, and escalate privileges by injecting malicious payloads into HTTP requests. Exploitation involves manipulating file paths to bypass access controls and upload harmful files.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, information disclosure, and privilege escalation on the affected system.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/filevista/fileuploader.ashx/BeginQueue' endpoint. The request must include a 'fileManagerpath' parameter that exploits the directory traversal vulnerability by navigating up the directory structure to reach the 'filevistal' directory. Once the malicious file is uploaded, it can be executed on the server, leading to code execution.
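For defenders, the request pattern described above can be hunted for in HTTP logs. The following is an added example, not code from the original advisory or from Gleamtech. It assumes the log source records the method, the URL, and a form-encoded body, and that the parameter may arrive in either the query string or the body. The sample records are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/filevista/fileuploader.ashx/beginqueue"  # endpoint named in the advisory, lower-cased
PARAM = "filemanagerpath"                             # parameter named in the advisory, lower-cased
# A '..' path segment delimited by '/' or '\' (or by the start/end of the value).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(method, url, body=""):
    """True for a POST to the upload endpoint whose path parameter has '..' segments."""
    parts = urlsplit(url)
    if method.upper() != "POST" or parts.path.lower().rstrip("/") != ENDPOINT:
        return False
    # Assumption: the parameter may be in the query string or a form-encoded body.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return any(k.lower() == PARAM and TRAVERSAL.search(fully_decode(v)) for k, v in pairs)

# Constructed sample records: (method, url, body). Not taken from real traffic.
URL = "/filevista/fileuploader.ashx/BeginQueue"
SAMPLE = [
    ("POST", URL, "fileManagerpath=Docs%2FReports"),                  # normal upload path
    ("POST", URL, "fileManagerpath=Docs%2F..%2F..%2Fexample"),        # '..' segments
    ("POST", URL + "?fileManagerpath=%252e%252e%255Cexample", ""),    # double-encoded, backslash
    ("GET", URL + "?fileManagerpath=..%2Fexample", ""),               # wrong method, ignored
    ("POST", URL, "fileManagerpath=Docs%2Fv1..2%2Fnotes"),            # dots inside a name only
]

def flagged(records):
    """Return the indexes of records that match the traversal pattern."""
    return [i for i, rec in enumerate(records) if is_suspicious(*rec)]

if __name__ == "__main__":
    for i in flagged(SAMPLE):
        print("suspicious:", SAMPLE[i])
```

The same matching logic can back a WAF rule or a SIEM query; any hit is worth correlating with new files appearing under the application's web root.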

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 7.5
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.