PHPEMS
cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*
- <= 11.0
A cross-site request forgery (CSRF) vulnerability exists in PHPEMS versions through 11.0. The affected state-changing requests are accepted without any anti-CSRF token, so an attacker can cause a logged-in user to perform actions without their consent, potentially leading to unauthorized changes to system settings or data.
Exploitation of this vulnerability could allow unauthorized users to modify system configurations or upload malicious files that are then executed on the server, leading to a server takeover or theft of sensitive data.
To reproduce this vulnerability, log into PHPEMS with a user account that has permission to manage file upload settings. Use Burp Suite to intercept the request when modifying allowed file extensions. Create a malicious HTML page that sends this request, adding dangerous file types like '.phar'. When the victim accesses this page, the request is submitted automatically, bypassing normal security checks.
To address this vulnerability, PHPEMS should implement CSRF token verification for sensitive operations, restrict changes to the allowed file extension list to high-privilege administrators, validate uploaded file types against a whitelist, and disable execution permissions for uploaded files.
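The following is an added example, not PHPEMS's own code, showing how the mitigations above fit together on the settings form that edits the allowed upload extensions: a per-session CSRF token compared in constant time, an administrator check, and a fixed whitelist that can never be widened by the request. The field names, the `is_admin` session flag and the settings store are assumptions.

```php
<?php
// Added example (not PHPEMS code): CSRF-protected handler for the
// "allowed upload extensions" settings form. Field names are assumed.
session_set_cookie_params(['samesite' => 'Strict', 'httponly' => true]);
session_start();

// Issue one random token per session and embed it in the settings form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session token.
function csrf_valid(?string $submitted): bool {
    return isset($_SESSION['csrf_token'], $submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Only extensions from this fixed list may be enabled, whatever the request
// asks for; executable types such as .php or .phar can never be added.
const ALLOWED_UPLOAD_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'zip'];

function filter_extensions(array $requested): array {
    $clean = [];
    foreach ($requested as $ext) {
        $ext = strtolower(ltrim(trim((string) $ext), '.'));
        if (in_array($ext, ALLOWED_UPLOAD_EXTENSIONS, true)) {
            $clean[] = $ext;
        }
    }
    return array_values(array_unique($clean));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (empty($_SESSION['is_admin'])) {            // assumed privilege flag
        http_response_code(403); exit('Administrators only');
    }
    if (!csrf_valid($_POST['csrf_token'] ?? null)) { // a cross-origin form cannot know the token
        http_response_code(403); exit('Invalid CSRF token');
    }
    $exts = filter_extensions(explode(',', $_POST['extensions'] ?? ''));
    // persist $exts to the application's settings store (assumed) ...
}
?>
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
  <input type="text" name="extensions" placeholder="jpg,png,pdf">
  <button type="submit">Save</button>
</form>
```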