Zdir Pro Path Traversal Vulnerability in ZIP Extraction API Allowing Arbitrary File Overwrite and Potential Remote Code Execution

Vulnerability

A path traversal vulnerability of the Zip-Slip class has been identified in the ZIP extraction API of Zdir Pro version 4.x. When a crafted ZIP archive is processed by the backend extraction API, entries are written outside the intended extraction directory. This flaw leads to arbitrary file overwrites and could potentially allow remote code execution.

Impact

Exploitation of this vulnerability can result in arbitrary file overwrites and potentially allow for remote code execution on the server where Zdir Pro is running.

Reproduction

To reproduce this vulnerability, upload a crafted ZIP file whose entry names contain path traversal sequences to the Zdir Pro application. After uploading, extract the ZIP file using the application's extraction feature. The extraction process writes files outside the intended directory, demonstrating the path traversal vulnerability. Check the '/tmp' directory within the Zdir Pro Docker container for the presence of the extracted file, such as '/tmp/evil.txt', which indicates successful exploitation.
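As an added example (not Zdir Pro's code, whose extraction routine is not shown here), the following Python shows the check a ZIP extraction routine needs to defeat Zip-Slip: resolve every entry name against the destination directory and refuse the whole archive if any entry would land outside it. The archive contents are constructed for the demonstration; the '/tmp/evil.txt' entry mirrors the indicator named in the advisory.

```python
import io
import tempfile
import zipfile
from pathlib import Path

def build_sample_zip(malicious: bool) -> bytes:
    """Constructed test archive: one benign entry, optionally two escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        if malicious:
            zf.writestr("../evil.txt", "escapes via '..'")
            zf.writestr("/tmp/evil.txt", "escapes via absolute path")
    return buf.getvalue()

def escaping_entries(zip_bytes: bytes, dest: str) -> list:
    """Names of entries whose resolved target falls outside dest."""
    root = Path(dest).resolve()
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Joining discards root when name is absolute; resolve() folds '..' and
            # follows symlinks already present under dest, so both escapes show up.
            target = (root / name).resolve()
            if target != root and root not in target.parents:
                bad.append(name)
    return bad

def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Validate every entry first; refuse the whole archive if any escapes."""
    bad = escaping_entries(zip_bytes, dest)
    if bad:
        raise ValueError(f"refusing archive, entries escape {dest}: {bad}")
    root = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = (root / info.filename).resolve()
            if info.is_dir():
                continue  # directories are created on demand below
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(str(target.relative_to(root)))
    return written

def demo() -> list:
    """Extract the benign archive into a fresh temp dir; return written paths."""
    return safe_extract(build_sample_zip(False), tempfile.mkdtemp())
```

The validation runs over the complete entry list before anything is written, so a mixed archive leaves no partial output behind.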

Added: Mar 3, 2026, 8:27 PM
Updated: Mar 3, 2026, 10:12 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact         10.0
  exploitability  4.2
  remediation     0.0
  relevance       3.4
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.