Emlog Pro
cpe:2.3:a:emlog_pro_project:emlog_pro:*:*:*:*:*:*:*
- 2.5.7
A vulnerability allowing unrestricted upload of files with dangerous types has been identified in Emlog Pro version 2.5.7. This issue arises in the plugin management section, specifically through the 'upload_zip' action in 'plugin.php'.
Exploitation of this vulnerability allows for the upload of malicious files, such as web shells, which can be executed on the server.
To reproduce this vulnerability, create a ZIP file named 'shell.zip' containing a folder named 'shell'. Inside the 'shell' folder, place a PHP file named 'shell.php'. Ensure that the names of the ZIP file, folder, and PHP file match. After logging into the Emlog Pro admin panel, navigate to the plugin management section and upload the crafted 'shell.zip' file. Once uploaded, a 'shell' folder will be created in the 'emlog/content/plugins' directory, containing the 'shell.php' file, which can then be executed on the server.
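A detection-side check for the behaviour described above, as an added example that is not part of the original advisory or of Emlog's code: it pairs a POST to the 'upload_zip' action with a later successful direct request for a .php file under 'content/plugins'. The log lines are constructed, and the combined log format, the `/admin/` path, the `action=upload_zip` query form and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /admin/plugin.php?action=upload_zip HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /content/plugins/shell/shell.php HTTP/1.1" 200 12
198.51.100.4 - - [12/Mar/2024:11:30:00 +0000] "GET /content/plugins/tips/tips.css HTTP/1.1" 200 300
198.51.100.4 - - [12/Mar/2024:12:00:00 +0000] "GET /content/plugins/old/old.php HTTP/1.1" 404 0
"""

# Assumed log layout: ip, ident, user, [timestamp], "METHOD url PROTO", status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumed URL form of the 'upload_zip' action in plugin.php.
UPLOAD = re.compile(r'plugin\.php\?(?:.*&)?action=upload_zip')
# Direct request for a .php file inside a plugin folder.
PLUGIN_PHP = re.compile(r'/content/plugins/([^/]+)/([^/?]+)\.php(?=$|\?)')

def find_suspect_uploads(log_text, window=timedelta(minutes=10)):
    """Pair plugin ZIP uploads with later direct 2xx hits on plugin .php files."""
    uploads, findings = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and UPLOAD.search(url):
            uploads.append((when, ip))
            continue
        hit = PLUGIN_PHP.search(url)
        if not hit or not status.startswith("2"):
            continue
        # Report the first upload that precedes this request within the window.
        for up_when, up_ip in uploads:
            if timedelta(0) <= when - up_when <= window:
                findings.append({
                    "uploader": up_ip,
                    "requester": ip,
                    "path": hit.group(0),
                    # Folder and file share a name, as in the advisory's layout.
                    "same_name": hit.group(1) == hit.group(2),
                })
                break
    return findings

if __name__ == "__main__":
    for f in find_suspect_uploads(SAMPLE_LOG):
        print(f)
```

Each finding is a lead for review against the contents of the plugins directory, since a legitimate plugin install produces the same upload request.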