JackQ XCMS Unrestricted File Upload Vulnerability in upload.php

A vulnerability allowing unrestricted file uploads has been identified in JackQ XCMS versions up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. The issue resides in the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php, where uploaded files are not properly validated. This flaw allows attackers to upload malicious files, such as PHP web shells, without authentication. Once uploaded, these files can be accessed and executed via HTTP, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to execute malicious files on the server, leading to remote code execution.

Reproduction

To reproduce this vulnerability, send a POST request to the upload.php file with a crafted multipart/form-data payload. The 'name' parameter can be used to specify the file path, while the 'file' parameter should contain the malicious file, such as a PHP web shell, including a payload like phpinfo(). After uploading, the malicious file can be accessed directly through the web server, executed, and potentially exploited for remote code execution.