Census CSWeb Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in Census CSWeb version 8.0.1. It allows remote, authenticated attackers to upload malicious files, potentially leading to remote code execution. The root cause is that the file upload functionality does not adequately validate the filename, the extension, or the content of an uploaded file, so uploads can land in locations that are both writable and web-accessible. In misconfigured environments, where the web server will execute files from such a location, this results in code execution.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, with the potential for executing malicious code on the server. Additionally, such uploads could cause a denial-of-service or disclose sensitive information, depending on the nature of the uploaded file and the server's configuration.

Reproduction

To reproduce this vulnerability, an authenticated user can upload a file through the application's file upload feature. The system's inadequate validation will allow the upload of potentially harmful files to locations accessible via the web.

Remediation

Users can upgrade to Census CSWeb version 8.1.0 alpha, where this vulnerability has been addressed.
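The Vulnerability section names three missing checks (filename, extension, content) and an unsafe destination (writable and web-accessible). The following is an added illustration of what a hardened upload handler enforces on the server side; it is example code written for this page, not CSWeb's code, and the allowlist, size limit and the upload directory `/var/lib/app/uploads` are assumptions chosen for the example.

```python
import os
import re
import secrets

# Constructed allowlist for this example: only the extensions the application
# needs, each paired with the magic bytes a genuine file of that type starts
# with. The client-supplied Content-Type header is never consulted.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
}
# Assumed storage root outside the web root: nothing stored here is served
# or executed by the web server, which removes the RCE path on its own.
UPLOAD_ROOT = "/var/lib/app/uploads"
MAX_BYTES = 10 * 1024 * 1024


def validate_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Everything not explicitly allowed is rejected."""
    # Filename: no directory components, no NUL bytes, no "." / "..".
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or "\x00" in base or base in ("", ".", ".."):
        return False, "filename contains path components or control bytes"
    # Extension: exactly one, from a short safe character set (rejects
    # double extensions such as name.ext1.ext2 and hidden dotfiles).
    parts = base.lower().split(".")
    if len(parts) != 2 or not re.fullmatch(r"[a-z0-9_-]{1,64}", parts[0]):
        return False, "filename must be name.ext with a single safe extension"
    ext = parts[1]
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        return False, f"extension .{ext} not in allowlist"
    # Content: size bounded and the bytes must match the claimed type.
    if not content or len(content) > MAX_BYTES:
        return False, "empty or oversized content"
    if not content.startswith(magic):
        return False, f"content does not match a .{ext} file"
    return True, "ok"


def storage_path(ext: str) -> str:
    """Server-chosen random name: the client's filename never reaches the filesystem."""
    name = f"{secrets.token_hex(16)}.{ext}"
    root = os.path.realpath(UPLOAD_ROOT)
    path = os.path.realpath(os.path.join(root, name))
    # Defence in depth: confirm the resolved path is still inside the root.
    if os.path.commonpath([path, root]) != root:
        raise ValueError("resolved path escaped the upload root")
    return path
```

Call `validate_upload()` before any byte is written, and only then write to `storage_path(ext)`; keep the original filename in a database column if the application needs to display it.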

Added: Mar 23, 2026, 10:52 PM
Updated: Mar 23, 2026, 10:52 PM

Vulnerability Rating

Custom Algorithm
spread           0.0
impact          10.0
exploitability   6.6
remediation      0.0
relevance        4.6
threat           6.4
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.