BoyunCMS Unrestricted File Upload Vulnerability in Index.php
Vulnerability
A critical arbitrary file upload vulnerability exists in BoyunCMS versions through 1.4.20, specifically within the file /application/user/controller/Index.php. This vulnerability allows authenticated users to upload malicious files, such as web shells, via the /user/Index/upload endpoint. The lack of proper validation in the file upload process enables remote code execution on the server, posing a significant security risk.
Impact
Exploitation of this vulnerability allows for arbitrary file uploads, which can lead to remote code execution on the server.
Reproduction
To reproduce this vulnerability, first register a user account and log in. After logging in, upload a file through the /user/Index/upload endpoint, ensuring that the file type is one that can be executed on the server, such as a PHP file. Once the file is uploaded, it can be accessed and executed, leading to remote code execution.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.