Idera Up.Time Monitoring Station Unauthenticated Arbitrary File Upload Vulnerability Leading to Remote Code Execution
Vulnerability
A vulnerability allowing unauthenticated arbitrary file uploads has been identified in Idera Up.Time Monitoring Station versions through 7.2. The issue arises in the 'wizards/post2file.php' script, which accepts arbitrary POST parameters. This flaw enables attackers to upload malicious PHP files to the webroot, where they can be executed, resulting in remote code execution as the web server user.
Impact
Exploitation of this vulnerability allows for arbitrary file uploads, which can be leveraged to execute malicious code on the server with the privileges of the web server user.
Reproduction
To reproduce this vulnerability, send a POST request to 'wizards/post2file.php' with the 'file_name' parameter set to the desired PHP file name and the 'script' parameter containing the PHP code payload. The uploaded file will be placed in the webroot, where it can be accessed and executed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.