SIMOGEO Filemanager Arbitrary File Upload Vulnerability Allowing Code Execution

A vulnerability allowing arbitrary file upload has been identified in SIMOGEO Filemanager version 2.3.0. The issue arises in the 'is_allowed_file_type()' function, where attackers can upload a crafted PHP file that is executed on the server. This vulnerability is exacerbated by a path traversal issue, allowing the uploaded file to be placed in a location where it can be accessed and executed.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server, with the executed code running in the context of the web server user.

Reproduction

To reproduce this vulnerability, upload a file with a .txt extension containing PHP web shell code, such as a script that alerts a message. After uploading, rename the file to have a .php extension and move it to a directory where it can be executed. Once the file is accessed through the web server, the uploaded PHP code will be executed.