JackQ XCMS Unrestricted File Upload Vulnerability in Backend ProductImageController
Vulnerability
A vulnerability allowing unrestricted file uploads has been identified in JackQ XCMS versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261. The issue resides in the backend file upload interface, specifically within the ProductImageController. The vulnerability arises from inadequate validation of uploaded file types, content, and extensions. This flaw enables authenticated attackers to upload malicious files, such as PHP web shells, which can be executed remotely, leading to unauthorized code execution.
Impact
Exploiting this vulnerability lets an attacker upload malicious files, such as web shells, to the server and execute them there. This behavior is commonly associated with remote code execution vulnerabilities.
Reproduction
To reproduce this vulnerability, log into the application and navigate to the file upload interface of the ProductImageController. Upload a file through the upload endpoint, manipulating the 'file' argument to bypass any file type restrictions. Once uploaded, the file can be accessed via HTTP requests, and any embedded code executes if the file type is executable.
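The missing checks on file type, content and extension described above can be enforced server-side as in the following added example, which is not XCMS code and not the project's actual fix. The function names, the size limit, the allowed-type list and the upload directory parameter are all assumptions.

```php
<?php
declare(strict_types=1);

// Added example: names, limits and paths are assumptions, not XCMS code.
const MAX_IMAGE_BYTES = 2 * 1024 * 1024;
const ALLOWED_IMAGE_TYPES = [          // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/** Returns the extension to store the file under; throws if it is not an allowed image. */
function safe_image_extension(string $path): string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_IMAGE_BYTES) {
        throw new RuntimeException('Upload is empty or too large');
    }
    // The type comes from the file's bytes, never from the client-supplied
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // The image parser must also accept the file and agree on the type.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File is not a valid image');
    }
    return ALLOWED_IMAGE_TYPES[$mime];
}

/** Validates one $_FILES entry and stores it under a server-generated name. */
function store_product_image(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    $ext  = safe_image_extension($file['tmp_name']);
    // The client's file name and extension are discarded entirely.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $uploadDir . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}
```

A file that passes these checks can still carry embedded code in its metadata, so the upload directory should also be served with script execution disabled.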