open-webui Arbitrary File Write Vulnerability Leading to Remote Code Execution

A vulnerability allowing arbitrary file write has been identified in open-webui version 0.3.8. The issue arises in the `/models/upload` endpoint, where user-supplied filenames are not properly validated or sanitized. This flaw allows attackers to manipulate the `file.filename` parameter to include directory traversal sequences, escaping the intended upload directory and overwriting arbitrary files on the system. Such exploitation could modify critical system binaries, configuration files, or sensitive data, potentially leading to unauthorized remote command execution.

Impact

Exploitation of this vulnerability could result in unauthorized modifications of system files, including binaries and configuration files, and allow for remote code execution on the server.

Reproduction

To reproduce this vulnerability, upload a file through the `/models/upload` endpoint using a request that includes a directory traversal sequence in the `file.filename` parameter. This can be done by intercepting the upload request with a tool like Burp Suite and modifying the filename to include traversal sequences that escape the upload directory, directing the file to a location such as `/tmp` where it can be accessed and potentially exploited for remote code execution.