Swetrix Web Analytics API Directory Traversal Vulnerability Leading to Remote Code Execution

A directory traversal vulnerability has been identified in Swetrix Web Analytics API versions 3.1.1 prior to 7d8b972. This vulnerability allows remote attackers to execute arbitrary code by crafting specific HTTP requests. The issue arises in the 'CdnService.uploadFile' method, where unsanitized file names can be exploited to overwrite files in arbitrary locations on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server, particularly when writable executable files are targeted. It also enables arbitrary file overwriting within the application's container permissions, which could lead to file system or data corruption.

Reproduction

To reproduce this vulnerability, upload a file through the application's file upload feature, using a filename that includes path traversal sequences, such as '../'. This will exploit the directory traversal vulnerability by overwriting a file in a sensitive location, such as the main application entry point.

Remediation

The vulnerability has been fixed in version 3.1.1 with the commit 7d8b972. The patch replaces the use of unsanitized filenames with secure UUID-based filenames, while maintaining the original file extensions for proper handling.