ElkArte Forum Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in ElkArte Forum version 1.1.9. This vulnerability allows authenticated administrators to upload malicious PHP files during the theme installation process. Exploitation involves uploading a ZIP archive containing a PHP file with system commands, which can be executed by accessing the uploaded file in the theme directory.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where ElkArte Forum is hosted.

Reproduction

To reproduce this vulnerability, log into an ElkArte Forum 1.1.9 account with administrative privileges. Navigate to the 'Manage' section and select 'Install theme'. Upload a ZIP file containing a PHP script, such as one that executes system commands, and click 'Install'. After the upload is complete, access the PHP file through the theme directory to execute the embedded commands.