SiempreCMS Unauthenticated File Upload Vulnerability in File Upload Component

A vulnerability allowing unrestricted file uploads has been identified in SiempreCMS versions through 1.3.6. This issue resides in the file '/docs/admin/file_upload.php' and can be exploited remotely. The vulnerability allows attackers to upload files to arbitrary directories under '../media/', including hidden module directories. While the uploaded files cannot be executed as PHP scripts in this configuration, the vulnerability can be abused to flood a specific directory with a large number of files. This could exhaust disk space, degrade server performance, or cause denial-of-service conditions.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which can lead to resource exhaustion by flooding directories with large numbers of files. This behavior can degrade server performance, consume disk space, and potentially cause denial-of-service conditions.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/docs/admin/file_upload.php' with a manipulated 'folder-path' parameter that points to a directory under '../media/'. The 'image' parameter must include a file with an allowed extension, such as '.jpeg', '.png', or '.pdf'. Once uploaded, the files can be used to flood the target directory, consuming server resources and disk space.