Evershop
cpe:2.3:a:evershop:evershop:*:*:*:*:node.js:*:*
- 2.0.1
A vulnerability in EverShop version 2.0.1 allows unauthenticated users to upload files and create directories through the /api/images endpoint. The issue arises because the endpoint is publicly accessible by default and uploaded files are insufficiently validated. While the vulnerability does not currently allow for remote code execution, it could be exploited to upload malicious files that might be executed later, or to conduct a denial-of-service attack by uploading large files to fill up server storage.
Exploitation of this vulnerability could lead to unrestricted file uploads, allowing for the introduction of potentially harmful files to the server. This could be used to execute malicious scripts or applications, depending on the server's configuration. Additionally, the vulnerability could be exploited to create a denial-of-service condition by uploading large files to consume server storage.
The vulnerability can be reproduced by sending a POST request to the /api/images endpoint without authentication. This can be done by removing cookies from a session that has been authenticated and then using a tool like Burp Suite to intercept and modify the request. Once the request is sent, any file can be uploaded to the server, bypassing the intended restrictions on file types.
Users are advised to update to the latest version of EverShop, where this vulnerability has been addressed.
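The checks the description reports as missing (authentication, file-type validation, and a size bound), sketched as an added example for operators reviewing their own upload handlers. This is not EverShop's code or its fix; the function name, the size cap, the allow-list and the sample inputs are assumptions.

```javascript
// Added example: gate for an image-upload handler. Names and limits are assumptions.
const MAX_BYTES = 5 * 1024 * 1024; // assumed per-file cap, bounds disk consumption

// Allowed extensions mapped to the magic bytes the content must start with.
const SIGNATURES = {
  png: [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  jpg: [[0xff, 0xd8, 0xff]],
  jpeg: [[0xff, 0xd8, 0xff]],
  gif: [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61], [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]],
};

function startsWith(buf, sig) {
  return buf.length >= sig.length && sig.every((b, i) => buf[i] === b);
}

// Returns { ok, status, reason } for one uploaded file.
// `user` is whatever the session layer resolved (null when there is no valid session).
function checkImageUpload(user, filename, buf) {
  if (!user) return { ok: false, status: 401, reason: "authentication required" };
  if (buf.length > MAX_BYTES)
    return { ok: false, status: 413, reason: "file too large" };
  // No path separators or NUL: the name must not be able to select or create a directory.
  if (/[\/\\\0]/.test(filename))
    return { ok: false, status: 400, reason: "invalid file name" };
  const dot = filename.lastIndexOf(".");
  const ext = dot > 0 ? filename.slice(dot + 1).toLowerCase() : "";
  const sigs = Object.prototype.hasOwnProperty.call(SIGNATURES, ext) ? SIGNATURES[ext] : null;
  if (!sigs) return { ok: false, status: 415, reason: "extension not allowed" };
  // The extension alone is client-controlled, so the content must match it too.
  if (!sigs.some((s) => startsWith(buf, s)))
    return { ok: false, status: 415, reason: "content does not match extension" };
  return { ok: true, status: 200, reason: "accepted" };
}

// Constructed sample inputs (not taken from a real request).
const samplePng = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00]);
const cases = [
  [null, "logo.png", samplePng],                    // no session
  [{ id: 1 }, "logo.png", samplePng],               // valid
  [{ id: 1 }, "logo.png", Buffer.from("not png")],  // extension/content mismatch
];
for (const [user, name, buf] of cases) {
  console.log(name, checkImageUpload(user, name, buf));
}
```

Run the authentication check before the request body is buffered or written to disk, so an anonymous request cannot consume storage even when it is ultimately rejected.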