Omnispace Agora Project File Upload Vulnerability Allowing Code Execution

Vulnerability

A file upload vulnerability has been identified in the Omnispace Agora Project, affecting versions prior to 25.10. It allows authenticated users and, under certain conditions, guest users to upload files through the UploadTmpFile action. The issue arises from insufficient validation of file types and extensions, which enables the upload of potentially dangerous files that could be executed on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, including files that could be executed on the server, potentially compromising the server.

Reproduction

To reproduce this vulnerability, an authenticated user or a guest user (if guest access is enabled) can use the UploadTmpFile action to upload a file. The vulnerability can be exploited by bypassing the inadequate file type and extension checks, such as by uploading a file with a '.phar' extension, which could be executed depending on the web server's configuration.

Remediation

Users are advised to update to Omnispace Agora Project version 25.10 or later, where this vulnerability has been addressed.
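As an added illustration that is not code from the Agora Project, the following Python contrasts a denylist-style extension check (which lets a '.phar' upload through, as the advisory describes) with an allowlist check that also normalises case, refuses double extensions and verifies the leading bytes; the accepted extensions and the weak denylist are assumptions for the example.

```python
import os
import re

# Allowlist of extensions the temporary-upload endpoint accepts. Assumption for this
# example: the action only needs images and PDFs. Anything else, including .phar,
# .php and .phtml, is refused without ever having to be named in a denylist.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# Leading bytes expected for each allowed type (well-known file signatures).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}

# The stem may contain no dot, so "shell.phar.png" is rejected as a second extension.
_SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Constructed illustration of an inadequate check (not Agora Project's code): a short
# denylist of server-side extensions lets ".phar", or a ".PHP" variant, through.
WEAK_DENYLIST = {"php", "phtml"}


def weak_check(filename: str) -> bool:
    """Denylist check: returns True (accept) for anything not explicitly listed."""
    return filename.rsplit(".", 1)[-1] not in WEAK_DENYLIST


def validate_upload(filename: str, head: bytes) -> tuple[bool, str]:
    """Allowlist check: returns (accepted, stored_name_or_reason)."""
    # Keep only the last path component so "../" in the client-supplied name is ignored.
    name = os.path.basename(filename.replace("\\", "/"))
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return False, "no extension"
    ext = ext.lower()  # ".PHAR" is normalised before the comparison
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not allowed"
    if not _SAFE_STEM.match(stem):
        return False, "name has a second extension or unsafe characters"
    if not head.startswith(MAGIC[ext]):
        return False, f"content is not a {ext} file"
    return True, f"{stem}.{ext}"
```

Storing the file under a server-generated name outside the web root, rather than the sanitised client name, removes the remaining dependence on web server configuration that the advisory points out.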

Added: Jan 15, 2026, 4:23 PM
Updated: Jan 15, 2026, 5:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 10.0
exploitability: 6.6
remediation: 7.7
relevance: 2.1
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.