QaTraq Unrestricted File Upload Vulnerability Leading to Remote Code Execution
Vulnerability
A remote code execution vulnerability exists in QaTraq version 6.9.2, allowing authenticated users to upload arbitrary files through the 'Add Attachment' feature in the 'Test Script' module. The application does not validate the type or extension of uploaded files, so executable PHP files can be uploaded. Once uploaded, these files can be accessed via the 'View Attachment' option, which causes the server to execute the PHP payload.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where QaTraq 6.9.2 is hosted.
Reproduction
To reproduce this vulnerability, log into QaTraq 6.9.2 and navigate to the 'Test Script' module. Use the 'Add Attachment' feature to upload a PHP file containing a payload, such as a script that executes system commands. After the file is uploaded, access it through the 'View Attachment' option, appending the command to be executed via the PHP payload.
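For comparison, a hardened version of the two operations involved here (the attachment upload and the attachment viewer), written as an added example rather than taken from QaTraq; it assumes an `$_FILES['attachment']` form field and a hypothetical storage directory that the web server does not serve.

```php
<?php
// Hardened 'Add Attachment' / 'View Attachment' handlers (added example, not
// QaTraq's code). Assumes $_FILES['attachment'] from the upload form and a
// hypothetical storage directory outside the web root.
declare(strict_types=1);

const ATTACHMENT_DIR = '/var/lib/qatraq_attachments'; // hypothetical, not served by the web server
const ALLOWED = ['txt' => 'text/plain', 'pdf' => 'application/pdf',
                 'png' => 'image/png', 'jpg' => 'image/jpeg'];

function store_attachment(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Allowlist by extension AND by the bytes actually in the file; the
    // client-supplied name and MIME type are not trusted.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not permitted');
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: nothing user-controlled reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], ATTACHMENT_DIR . '/' . $stored)) {
        throw new RuntimeException('could not store attachment');
    }
    return $stored; // record with the original name and owner in the database
}

// Stream the bytes as a download; the file is never include()d and never
// sits under a path the web server would pass to the PHP interpreter.
function send_attachment(string $stored, string $displayName): void
{
    $path = ATTACHMENT_DIR . '/' . $stored;
    if (!preg_match('/^[0-9a-f]{32}\.[a-z0-9]+$/', $stored) || !is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . rawurlencode($displayName) . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}
```

Both halves matter: the allowlist stops PHP files from being stored, and the download handler means that even a file which slipped through would be sent as bytes rather than run by the interpreter.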
