WebErpMesv2 File Upload Vulnerability Leading to Remote Code Execution
Vulnerability
A file upload vulnerability has been identified in WebErpMesv2 version 1.17, specifically within the FactoryController.php file. This vulnerability allows authenticated attackers to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests. Exploiting this flaw could result in remote code execution on the web server.
Impact
Successful exploitation allows for remote code execution on the server where WebErpMesv2 is hosted.
Reproduction
To reproduce this vulnerability, log into the WebErpMesv2 application as an administrator. Navigate to 'Factory Settings' and then 'Reports Settings'. There, you will find a file upload feature that expects PDF files or certain image formats. Upload a PHP file disguised as a PDF or image. Once uploaded, the file can be accessed directly through a GET request, executing the PHP code on the server and returning the output.
Remediation
The vulnerability has been fixed in version 1.17. Users should update to this version.
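Files stored through the upload feature before the update can be reviewed for content that does not match the expected PDF or image types. The script below is an added example, not code from WebErpMesv2 or from this advisory; the extension list, the magic-byte table, the reason labels and the upload directory passed to `audit_tree` are assumptions, and the sample files are constructed.

```python
import tempfile
from pathlib import Path

# Leading bytes of the file types the upload form is described as expecting.
MAGIC = {".pdf": (b"%PDF-",), ".png": (b"\x89PNG\r\n\x1a\n",),
         ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
         ".gif": (b"GIF87a", b"GIF89a")}
# Assumption: extensions a server may hand to the PHP handler (config dependent).
PHP_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}


def audit_file(path):
    """Return the reasons a stored upload looks suspicious (empty list if none)."""
    exts = {s.lower() for s in path.suffixes}  # all suffixes: catches name.php.jpg
    final = path.suffix.lower()
    data = path.read_bytes()
    reasons = []
    if exts & PHP_EXTS:
        reasons.append("php-extension")
    if final in MAGIC and not data.startswith(MAGIC[final]):
        reasons.append("magic-mismatch")
    # Valid magic bytes do not rule out embedded PHP; short tags are not checked.
    if b"<?php" in data.lower():
        reasons.append("php-open-tag")
    return reasons


def audit_tree(root):
    """Walk an upload directory and return {relative_path: reasons} for flagged files."""
    root = Path(root)
    flagged = {}
    for path in sorted(root.rglob("*")):
        reasons = audit_file(path) if path.is_file() else []
        if reasons:
            flagged[str(path.relative_to(root))] = reasons
    return flagged


def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    samples = {
        "report.pdf": b"%PDF-1.7\n1 0 obj\n<< >>\nendobj\n",
        "invoice.pdf": b"<?php /* constructed sample */ ?>",
        "banner.gif": b"GIF89a<?php /* constructed sample */ ?>",
        "notes.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            (Path(root) / name).write_bytes(body)
        return audit_tree(root)
```

A flagged file is a lead for review, not proof of compromise; correlate it with web server access logs for GET requests to the same path.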
