gunet Open eClass Courses/Work Assignments Module Authenticated Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

A vulnerability allowing authenticated users to upload arbitrary files has been identified in the Courses/Work Assignments module of gunet Open eClass, specifically in version 3.11. This vulnerability arises from the application's acceptance of crafted SVG files, which can be used to execute arbitrary code. The issue has been addressed in version 3.13.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where uploaded SVG files can execute client-side JavaScript when accessed. Additionally, it could lead to unauthorized actions being performed on behalf of the user, such as modifying grades or managing course content.

Reproduction

To reproduce this vulnerability, upload a malicious SVG file containing JavaScript code, such as an alert, into an active work assignment within a course. Once the file is uploaded, accessing it will trigger the execution of the embedded JavaScript, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update to gunet Open eClass version 3.13, where this vulnerability has been fixed.

Added: Mar 16, 2026, 5:25 PM
Updated: Mar 16, 2026, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 1.7
exploitability: 6.1
remediation: 7.7
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.