Emlog Pro Unrestricted File Upload Vulnerability in Blogger.php

A file unrestricted upload vulnerability has been identified in Emlog Pro versions prior to 2.5.18. The issue resides in the '/admin/blogger.php?action=update_avatar' file, where the 'image' parameter lacks proper validation, allowing attackers to upload arbitrary files, including malicious scripts. This vulnerability can be exploited remotely, without any authentication or authorization requirements.

Impact

Exploitation of this vulnerability allows attackers to upload and execute malicious scripts on the server, potentially leading to unauthorized access, data manipulation, malware distribution, or disruption of services.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/admin/blogger.php?action=update_avatar' with a file that includes a payload, such as a PHP script, disguised as an image. This can be done using tools like cURL.

Remediation

It is recommended to implement strict file type verification, set file size limits, store uploaded files outside the web root directory, rename uploaded files to ensure uniqueness, and conduct regular security audits.