WCMS 11
cpe:2.3:a:wcms:wcms:*:*:*:*:*:*:*
- 11
A critical vulnerability exists in WCMS version 11 within the Article Publishing Page component. The issue arises in the file '/index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1', where the 'Upload' argument can be manipulated to allow unrestricted file uploads. This vulnerability can be exploited remotely, enabling attackers to upload malicious files, such as PHP scripts, which could be executed to compromise the application.
Exploitation of this vulnerability allows for arbitrary file uploads, including potentially malicious files that could be executed on the server, leading to unauthorized code execution.
To reproduce this vulnerability, navigate to the Article Publishing Page in WCMS 11. Use the upload functionality in CKEditor, specifically targeting the 'Upload' argument. Upload a file type that is normally restricted, such as a PHP file. The file will be accepted and uploaded without proper validation.
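One way to close this class of flaw on the server side, shown as an added example that is not WCMS code: an upload handler that allow-lists extensions, checks the sniffed content type, and stores the file under a server-generated name. The function name `store_editor_upload`, the `ALLOWED_TYPES` list and the storage directory are assumptions; the form field name `Upload` is taken from the description above.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list for an article editor: extension => expected MIME type.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate and store one $_FILES entry (e.g. $_FILES['Upload']).
 * $storageDir is an assumed directory outside the web root, or one where
 * the web server is configured not to execute scripts.
 * Returns the server-generated file name.
 */
function store_editor_upload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file((string)($file['tmp_name'] ?? ''))) {
        throw new RuntimeException('Upload failed or not an HTTP upload');
    }

    // Only the final extension of the client-supplied name is consulted;
    // the name itself is never reused, so "x.php.jpg" cannot survive as-is.
    $ext = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('File type not allowed');
    }

    // Sniff the content; the Content-Type sent by the client is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }

    // Server-generated name carrying an allow-listed extension only.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($storageDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}
```

Content sniffing alone does not stop a file that is both a valid image and contains script text, which is why the generated name and a non-executing storage location matter as much as the type check.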