Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Writebot AI Content Generator SaaS React Template File Upload Vulnerability Allowing Privilege Escalation
Vulnerability
A file upload vulnerability has been identified in the Writebot AI Content Generator SaaS React Template, affecting versions through 4.0.0. This vulnerability allows remote attackers to gain escalated privileges by sending a crafted POST request to the /file-upload endpoint. The issue arises from inadequate validation of file types and extensions, coupled with the absence of authentication or session checks. As a result, attackers can upload malicious PHP files disguised as images and execute arbitrary commands once the files are placed in a publicly accessible directory.
Impact
Exploitation of this vulnerability allows for unauthenticated arbitrary file uploads, which can lead to remote code execution by uploading a malicious PHP file that is executed on the server.
Reproduction
The vulnerability can be reproduced by uploading a PHP file disguised as an image through the /file-upload endpoint. The uploaded file can then be accessed via a public URL, allowing for the execution of arbitrary code.
Remediation
Developers are advised to require authentication for file uploads, validate and sanitize MIME types and file extensions, store uploaded files outside the webroot, randomize filenames, and restrict access to uploaded files.
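The remediation steps above, combined into one upload handler. This is an added example, not code from the affected template or its vendor. It assumes a PHP backend with native sessions; the session key `user_id`, the form field `file` and the storage path `/var/app/uploads` are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed values for illustration; adjust to the deployment.
const UPLOAD_DIR = '/var/app/uploads';      // outside the webroot, not URL-addressable
const MAX_BYTES  = 5 * 1024 * 1024;
// Allowlist: content-detected MIME type => extension the server assigns.
const ALLOWED = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

function reject(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $message]);
    exit;
}

// 1. Require an authenticated session before touching the upload.
session_start();
if (empty($_SESSION['user_id'])) {
    reject(401, 'authentication required');
}

// 2. Accept exactly one successfully uploaded file within the size limit.
$file = $_FILES['file'] ?? null;
if (!is_array($file) || !is_int($file['error']) || $file['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
    reject(400, 'invalid upload');
}

// 3. Decide the type from the file content. The client-sent filename and
//    Content-Type header are attacker-controlled and are never consulted.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
$ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
if ($ext === null) {
    reject(415, 'file type not allowed');
}

// 4. Random server-chosen name with the allowlisted extension. Even a file that
//    passes the content check but embeds PHP cannot be saved as .php or reached by URL.
$name = bin2hex(random_bytes(16)) . '.' . $ext;
$dest = UPLOAD_DIR . '/' . $name;
if (!move_uploaded_file($file['tmp_name'], $dest)) {
    reject(500, 'could not store file');
}
chmod($dest, 0640);

header('Content-Type: application/json');
echo json_encode(['id' => $name]);
```

Because the files live outside the webroot, downloads go through a separate authenticated script that looks the file up by its returned `id` and sends it with a fixed image `Content-Type`.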
