PerfreeBlog
cpe:2.3:a:perfree:perfreeblog:*:*:*:*:*:*:*
- 4.0.11
An arbitrary file upload vulnerability has been identified in PerfreeBlog version 4.0.11. The issue arises in the 'installTheme' function, which places uploaded theme files in a temporary directory without proper validation. Because files with any extension are accepted, including potentially malicious ones, an uploaded file could then be executed on the server.
Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to execute malicious files on the server, especially if uploaded files are Java executables or scripts.
To reproduce this vulnerability, log into the PerfreeBlog admin panel and navigate to the Theme Management section. Once there, initiate a file upload through the 'Upload File' option. Capture the request to the 'installTheme' API endpoint, which accepts files with any suffix. Include a payload that exploits directory traversal by using '../' to navigate the file system and overwrite existing files, such as Java files, to achieve remote code execution.
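A server-side check for the two gaps described above (any suffix accepted, '../' honoured in the filename), given as an added example and not PerfreeBlog's own code. The class and method names, the upload directory and the assumption that themes are only shipped as .zip archives are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added illustration; class, method and directory names are hypothetical,
// not taken from the PerfreeBlog code base.
public class ThemeUploadGuard {

    // Assumption: theme packages are only ever delivered as .zip archives.
    private static final Set<String> ALLOWED_SUFFIXES = Set.of(".zip");

    // Maps a client-supplied filename to a path inside tempDir, or throws
    // if the suffix is not allowlisted or the path would leave tempDir.
    static Path resolveUpload(Path tempDir, String clientName) throws IOException {
        if (clientName == null || clientName.isBlank() || clientName.indexOf('\0') >= 0) {
            throw new IOException("empty or malformed filename");
        }
        String lower = clientName.toLowerCase(Locale.ROOT);
        if (ALLOWED_SUFFIXES.stream().noneMatch(lower::endsWith)) {
            throw new IOException("suffix not allowed: " + clientName);
        }
        Path base = tempDir.toAbsolutePath().normalize();
        // normalize() collapses "../" segments, so the containment check
        // below sees the location the file would really be written to.
        Path target = base.resolve(clientName.replace('\\', '/')).normalize();
        if (!target.startsWith(base)) {
            throw new IOException("path escapes upload directory: " + clientName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path tempDir = Paths.get("upload-tmp"); // constructed sample directory
        // Constructed sample filenames, not captured from a real request.
        List<String> samples = List.of("my-theme.zip", "page.jsp",
                "../../app/Overwrite.java", "../outside.zip", "a/../../b.zip");
        for (String name : samples) {
            try {
                System.out.println("ACCEPT " + name + " -> " + resolveUpload(tempDir, name));
            } catch (IOException e) {
                System.out.println("REJECT " + e.getMessage());
            }
        }
    }
}
```

Only `my-theme.zip` is accepted; the other four samples fail either the suffix allowlist or the containment check. The same containment check applies to every entry name when an accepted archive is later extracted.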