redaxo
cpe:2.3:a:redaxo:redaxo:*:*:*:*:*:*:*
- <= 5.18.2
An arbitrary file upload vulnerability exists in the REDAXO content management system, specifically in versions prior to 5.18.3. The issue is located on the mediapool/media page, where users can upload malicious files. This vulnerability has been reported to allow the execution of JavaScript code, potentially leading to malware distribution.
Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to execute malicious code on the server.
To reproduce this vulnerability, log into the REDAXO CMS and navigate to the Mediapool section. Upload a PNG file, such as 'poc.png'. Intercept the upload request using Burp Suite and modify the 'filename' to 'poc.1html', change the 'Content-Type' to 'image/html', and insert malicious HTML code, such as a JavaScript alert, into the file. After forwarding the request, the uploaded file can be accessed, demonstrating the successful exploitation of the vulnerability.
Users can update to REDAXO version 5.18.3 or later to address this vulnerability.
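As an added example (not REDAXO's code or its actual fix), the following server-side upload check rejects the tampered request described in the reproduction steps by comparing the filename extension, the declared Content-Type and the file content. The allowlist, the function name `check_upload` and the sample bytes are assumptions constructed for illustration.

```python
import os

# Assumed allowlist for this sketch: extension -> (MIME type, file signatures).
ALLOWED = {
    ".png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    ".jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
    ".jpeg": ("image/jpeg", (b"\xff\xd8\xff",)),
    ".gif": ("image/gif", (b"GIF87a", b"GIF89a")),
}
ALLOWED_TYPES = {mime for mime, _ in ALLOWED.values()}
# Markup that a browser would treat as active content if the file is rendered.
HTML_MARKERS = (b"<script", b"<html", b"<!doctype", b"<iframe")

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Constructed samples: the modified request from the write-up, and a normal PNG upload.
TAMPERED = ("poc.1html", "image/html", PNG_SIG + b"<script>alert(1)</script>")
CLEAN = ("poc.png", "image/png", PNG_SIG + b"\x00\x00\x00\rIHDR")


def check_upload(filename, declared_type, body):
    """Return a list of rejection reasons; an empty list means the upload passes."""
    reasons = []
    # Drop any client-supplied path and normalise case before reading the extension.
    name = os.path.basename(filename.replace("\\", "/")).lower()
    ext = os.path.splitext(name)[1]
    rule = ALLOWED.get(ext)
    declared = declared_type.split(";")[0].strip().lower()
    if rule is None:
        reasons.append(f"extension {ext or '(none)'} is not in the allowlist")
    if declared not in ALLOWED_TYPES:
        reasons.append(f"declared type {declared!r} is not an allowed image type")
    elif rule and declared != rule[0]:
        reasons.append(f"declared type {declared!r} does not match {ext}")
    # The client controls both the name and the header, so also check the bytes.
    if rule and not body.startswith(rule[1]):
        reasons.append("content does not start with the expected file signature")
    lowered = body.lower()
    if any(marker in lowered for marker in HTML_MARKERS):
        reasons.append("content contains HTML or script markup")
    return reasons


if __name__ == "__main__":
    for sample in (TAMPERED, CLEAN):
        print(sample[0], check_upload(*sample) or "accepted")
```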