EasyImages Arbitrary File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in EasyImages 2.0, affecting versions through 2.8.6. The flaw resides in the admin/manager.php component, where authenticated users can upload crafted PHP files that are then executed by the server.

Impact

Exploitation of this vulnerability allows arbitrary code execution on the server where EasyImages is installed.

Reproduction

To reproduce this vulnerability, log into the EasyImages application as an authenticated user with the required privileges. Navigate to the File Management section under Settings. Upload a PHP web shell, such as 'congsec.php', into the 'cache' folder. After uploading, the web shell can be accessed and executed, for example, using a tool like AntSword (China Chopper).

Remediation

It is recommended to configure the web server so that scripts cannot execute from upload directories, to enforce strict validation of uploaded files, and to store uploaded files securely. Additionally, consider re-processing image files to strip any embedded malicious content before they are served by the web application.
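The following is an added example of how an upload handler can apply the remediation steps above; it is not EasyImages' own code and is not taken from admin/manager.php. The upload directory path, the size limit and the extension/MIME allowlist are assumptions chosen for illustration. It validates the file by content rather than by the client-supplied name or type, re-encodes the image with GD so that anything that is not pixel data is discarded, and writes the result under a random name to a directory outside the web root.

```php
<?php
// Added example (not EasyImages' own code): a hardened image upload handler
// applying the advisory's remediation advice. UPLOAD_DIR, MAX_BYTES and the
// ALLOWED map are assumptions for illustration. Requires PHP 8 (match) and
// the fileinfo and GD extensions.

declare(strict_types=1);

const UPLOAD_DIR = '/var/lib/easyimages/uploads';   // assumed: outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;                  // assumed: 5 MiB cap

// Allowlist of extension => MIME type. Script extensions (.php, .phtml,
// .phar, ...) are simply absent; there is no blocklist to bypass.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry. Returns [randomFileName, mimeType] or throws.
 */
function validate_image_upload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // 1. Extension check on the client-supplied name. pathinfo() takes the
    //    LAST extension, so "shell.php.jpg" is judged by "jpg"; the content
    //    checks below then confirm the bytes really are a JPEG.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Content sniffing. $file['type'] is attacker-controlled, so inspect
    //    the bytes with fileinfo and make sure GD can parse the header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a decodable image');
    }

    // 3. Never reuse the client-supplied name; it can carry path separators,
    //    null bytes or a second extension. Generate a random one instead.
    $safeName = bin2hex(random_bytes(16)) . '.' . $ext;
    return [$safeName, $mime];
}

/**
 * Re-encode the image with GD so that metadata, comments and appended bytes
 * (the usual places for a PHP payload inside a "valid" image) are dropped,
 * then store it outside the web root. Returns the stored path.
 */
function store_reencoded(string $tmpPath, string $safeName, string $mime): string
{
    $img = imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        throw new RuntimeException('image decode failed');
    }
    $dest = UPLOAD_DIR . '/' . $safeName;
    $ok = match ($mime) {
        'image/jpeg' => imagejpeg($img, $dest, 90),
        'image/png'  => imagepng($img, $dest),
        'image/gif'  => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    chmod($dest, 0640);   // readable by the app, never executable
    return $dest;
}

// Usage inside a request handler (assumed field name 'image'):
// [$name, $mime] = validate_image_upload($_FILES['image']);
// $path = store_reencoded($_FILES['image']['tmp_name'], $name, $mime);
// Serve $path through a read-only endpoint that sets an image Content-Type;
// UPLOAD_DIR itself is never mapped into the document root.
```

Re-encoding is what makes the "remove embedded malicious code" step concrete: even if a file passed the extension and MIME checks, the stored copy is freshly generated pixel data, not the uploaded bytes. For the web-server side of the advice, the PHP engine should also be disabled for any directory that still has to live under the document root (such as the 'cache' folder named in this advisory), for example with `php_admin_flag engine Off` inside an Apache `<Directory>` block, or an nginx `location` that denies requests for `.php` paths under that folder, so that a file which does slip through is served as static content rather than executed.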

Added: Dec 11, 2025, 5:23 PM
Updated: Dec 11, 2025, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.