Playeduxyz PlayEdu Training System User Avatar Handler Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Playeduxyz PlayEdu open-source training system, affecting versions through 1.8. The issue arises in the User Avatar Handler component, specifically within the file '/api/backend/v1/user/create'. The vulnerability allows for the manipulation of the 'Avatar' argument, potentially leading to unauthorized server-side requests. This issue can be exploited remotely, and the vulnerability has been publicly disclosed.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests on its behalf. This could lead to unauthorized access to internal services or resources, potentially causing information leakage or further exploitation of the server.

Reproduction

To reproduce this vulnerability, upload an image through the user creation API endpoint '/api/backend/v1/user/create'. The image should be processed by the User Avatar Handler, which will inadvertently trigger the SSRF vulnerability by allowing the server to make unauthorized requests. After the image is uploaded, the request can be intercepted and modified to exploit the SSRF vulnerability, such as by accessing internal services or resources that are not normally exposed.