SoluçõesCoop iSoluçõesWEB Path Traversal Vulnerability in Profile Information Update Component

Vulnerability

A path traversal vulnerability has been identified in the SoluçõesCoop iSoluçõesWEB application, affecting versions prior to 20250516. The issue arises in the Profile Information Update feature, specifically within the file '/sys/up.upload.php'. The vulnerability is triggered by manipulating the 'nomeArquivo' argument, which allows for unauthorized navigation to internal routes. This flaw can be exploited remotely and has been publicly disclosed, with an available proof-of-concept exploit.
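The root cause described above is a client-controlled file name ('nomeArquivo') being used to build a server-side path. The PHP snippet below is an added illustration of how an upload handler can treat such a parameter defensively; it is not code from iSoluçõesWEB or from '/sys/up.upload.php', and apart from the parameter name everything in it (upload directory, extension allowlist, function names) is an assumption.

```php
<?php
// Added example: hardened handling of a user-supplied file name for a profile
// picture upload. Not code from iSoluçõesWEB; only the parameter name
// nomeArquivo comes from the advisory. Directory and allowlist are assumed.

declare(strict_types=1);

const UPLOAD_DIR = '/var/www/app/uploads/profile'; // assumed storage directory
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/**
 * Returns a server-generated file name carrying only the vetted extension,
 * or null when the client-supplied name must be rejected.
 */
function safeProfileFileName(string $nomeArquivo): ?string
{
    // Reject empty names and any control character, including NUL bytes.
    if ($nomeArquivo === '' || preg_match('/[\x00-\x1f]/', $nomeArquivo)) {
        return null;
    }
    // A path separator or ".." segment means the client is choosing a directory.
    if (strpbrk($nomeArquivo, "/\\") !== false || strpos($nomeArquivo, '..') !== false) {
        return null;
    }
    $ext = strtolower(pathinfo($nomeArquivo, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Never reuse the client name: generate a random name, keep only the extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/**
 * Builds the final path and verifies that it still resolves inside UPLOAD_DIR.
 */
function resolveUploadPath(string $nomeArquivo): ?string
{
    $name = safeProfileFileName($nomeArquivo);
    if ($name === null) {
        return null;
    }
    $base = realpath(UPLOAD_DIR);
    if ($base === false) {
        return null; // upload directory must already exist
    }
    $target = $base . DIRECTORY_SEPARATOR . $name;
    // Defence in depth: the directory component must be exactly the base directory.
    if (realpath(dirname($target)) !== $base) {
        return null;
    }
    return $target;
}

// Constructed inputs for a quick self-check: only the first should be accepted.
foreach (['avatar.png', '../../sys/evil.html', 'foo/bar.jpg', "a.png\0.php", 'script.php'] as $input) {
    printf("%-22s => %s\n", str_replace("\0", '\0', $input), safeProfileFileName($input) === null ? 'rejected' : 'accepted');
}
```

The important design choice is that the stored name is never derived from the request beyond its vetted extension, so a traversal payload in 'nomeArquivo' has nothing to influence; the realpath check is a second line of defence in case the storage directory is ever made configurable.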

Impact

Exploitation of this vulnerability allows for path traversal, enabling attackers to navigate the file system and potentially access sensitive files outside of the intended directory.

Reproduction

To reproduce this vulnerability, upload a file through the profile picture upload feature. After the upload, intercept the request that submits the profile information and modify the 'nomeArquivo' parameter to include a path traversal payload pointing to a location outside the restricted directory, such as one containing a file with a stored XSS payload. Once the request is sent, the profile picture reference points to the attacker-chosen path, and the XSS payload executes when the profile is displayed.

Remediation

Users are advised to upgrade to version 20250516 or later.

Added: Jun 6, 2025, 4:22 AM
Updated: Jun 6, 2025, 4:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.