Sobey Media Convergence System Path Traversal Vulnerability in File Upload Component

A path traversal vulnerability has been identified in Sobey Media Convergence System versions 2.0 and 2.1. The issue arises in the file upload feature of the watermark editor, where the application fails to properly validate and sanitize uploaded filenames. This flaw allows attackers to upload malicious script files, such as JSPs, by exploiting the file argument to traverse directories and write the files to a web-accessible directory. Once uploaded, the scripts can be executed remotely, leading to unauthorized code execution on the server.

Impact

Exploitation of this vulnerability allows for path traversal, enabling attackers to upload and execute malicious scripts on the server, potentially leading to remote code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/sobey-mchEditor/watermark/upload' endpoint. The request must include a file payload that exploits the path traversal vulnerability by navigating up the directory structure (using '../..') to write a malicious JSP file into a directory accessible by the web server. After the file is uploaded, it can be accessed via a GET request to execute the embedded code.