ConvertX Arbitrary File Write Vulnerability Leading to Code Execution

Vulnerability

A vulnerability in ConvertX, a self-hosted online file converter, allows authenticated users to write arbitrary files on the system via the `/upload` endpoint. This issue affects versions through 0.15.1. The vulnerability arises because the upload function does not sanitize file names, enabling users to overwrite system binaries with malicious files that can be executed. ConvertX version 0.16.0 addresses this vulnerability by implementing proper file name sanitization.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the server or within the container where ConvertX is running.

Reproduction

To reproduce this vulnerability, an authenticated user can upload a file through the `/upload` endpoint. The uploaded file's name can be crafted to overwrite a system binary. Once the file is uploaded, the overwritten binary can be executed, leading to code execution on the system.

Remediation

Users can upgrade to ConvertX version 0.16.0 or later, where this vulnerability has been patched.
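As an added example, not ConvertX's own code, the following shows the kind of file-name handling the fix calls for: a client-supplied name is reduced to a safe basename and the final path is checked to stay inside a per-user upload directory, with the unsafe raw join shown beside it for comparison. The upload root, the user id parameter and the character whitelist are assumptions.

```typescript
// Added example (not ConvertX's code): safe placement of an uploaded file.
import * as path from "node:path";

const UPLOAD_ROOT = "/data/uploads"; // assumed base directory for uploads

// Reduce a client-supplied name to a single safe path component.
export function sanitizeFileName(name: string): string {
  // Normalize Windows separators, then drop any directory prefix.
  const base = path.basename(name.replace(/\\/g, "/"));
  // Whitelist characters; everything else becomes an underscore.
  const cleaned = base.replace(/[^A-Za-z0-9._-]/g, "_");
  // basename("..") is "..", so reject it and empty results explicitly.
  if (cleaned === "" || cleaned === "." || cleaned === "..") {
    throw new Error("invalid file name");
  }
  return cleaned;
}

// Hardened form: sanitize, resolve, and verify containment in the user directory.
export function resolveUploadPath(userId: string, clientName: string, root = UPLOAD_ROOT): string {
  const userDir = path.resolve(root, userId); // userId assumed to come from the session, not the client
  const target = path.resolve(userDir, sanitizeFileName(clientName));
  if (!target.startsWith(userDir + path.sep)) {
    throw new Error("path escapes upload directory");
  }
  return target;
}

// Vulnerable form (the bug class described above): the raw name is joined as-is,
// so "../" components in it move the write outside the upload directory.
export function unsafeUploadPath(userId: string, clientName: string, root = UPLOAD_ROOT): string {
  return path.resolve(root, userId, clientName);
}
```

Names that resolve outside the user directory are rejected at the containment check even if a future change to the whitelist lets a separator through.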

Added: Dec 16, 2025, 1:28 AM
Updated: Dec 16, 2025, 1:28 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 7.7
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.