Paymenter Webshop Solution Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Paymenter, a free and open-source webshop solution, in versions prior to 1.2.11. The issue lies in the ticket attachments functionality: an authenticated user can upload arbitrary files as ticket attachments, and because attachments are served from the web root under /storage/, a file with a server-side script extension is executed by the web server when it is requested instead of being returned as a download. Successful exploitation can expose sensitive data from the database, the credentials stored in configuration files, and the ability to run arbitrary system commands in the web server user context.

Impact

A low-privilege authenticated user can fully compromise the application and the underlying server. Code running as the web server user can read the application database, recover the credentials kept in configuration files, and execute arbitrary system commands, so the attacker's reach is limited only by the privileges of that account.

Remediation

Users are advised to upgrade to Paymenter version 1.2.11 or later. If an immediate upgrade is not possible, two mitigations reduce exposure: configure nginx to return everything under /storage/ as a plain download (forced Content-Disposition: attachment, no PHP handling for that path) rather than passing it to the application runtime, or use a Web Application Firewall (WAF) such as Cloudflare to disallow access to the /storage/ directory. Blocking /storage/ outright also prevents legitimate attachments from being retrieved, so where attachments are in use the nginx change is the less disruptive option.
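The fragment below is an added illustration of the nginx mitigation; it is example configuration, not from the Paymenter project or this advisory. It assumes a typical Laravel-style deployment in which the document root is the public/ directory, uploaded files are exposed through the /storage/ path, and PHP is handled by PHP-FPM on a Unix socket; the hostname, paths and socket are placeholders. The comments describe the weak pattern, and the server block that follows is the hardened form.

```nginx
# Added example, not Paymenter's own configuration. Assumed layout: Laravel-
# style application with document root public/, uploads exposed under the
# /storage/ path, PHP handled by PHP-FPM on a Unix socket (all placeholders).
#
# The weak pattern: a bare regex location such as
#
#     location ~ \.php$ { fastcgi_pass unix:/run/php/php-fpm.sock; ... }
#
# matches ANY request path ending in .php, including a ticket attachment
# stored under /storage/, so an uploaded script is executed on request.
#
# The fix is a "^~" prefix location for /storage/. When the longest matching
# prefix location carries ^~, nginx does not evaluate regex locations for
# that request, so the PHP handler is never reached for attachment paths and
# the files are returned as opaque downloads or not at all.

server {
    listen 80;
    server_name paymenter.example;           # placeholder hostname
    root /var/www/paymenter/public;          # assumed document root
    index index.php;

    location ^~ /storage/ {
        # Serve only paths that exist on disk; anything else is a 404 and
        # never falls back into the application front controller.
        try_files $uri =404;

        # Drop extension-based MIME mapping, label every attachment as an
        # opaque binary, and force the browser to download rather than
        # render or sniff it.
        types { }
        default_type application/octet-stream;
        add_header Content-Disposition "attachment" always;
        add_header X-Content-Type-Options "nosniff" always;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Only reachable for paths that did not match the ^~ /storage/ prefix.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed PHP-FPM socket
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    }
}
```

Validate with nginx -t and reload, then request an existing attachment path with curl -I and confirm the response carries Content-Disposition: attachment and Content-Type: application/octet-stream; a /storage/ path ending in .php must come back as a download of the raw file (or a 404), never as PHP output. The trade-off is that legitimate images attached to tickets are downloaded instead of displayed inline, which is the intended behaviour of this mitigation. The fragment does not apply to deployments served by Apache or another front end.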

Added: Aug 28, 2025, 6:22 PM
Updated: Aug 28, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.9
remediation: 7.7
relevance: 0.4
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.