Snuffleupagus Multipart POST File Upload Vulnerability Leading to Arbitrary Code Execution
Vulnerability
A vulnerability in Snuffleupagus versions prior to 0.13.0 allows arbitrary code execution via multipart POST file uploads. This issue arises when the upload validation feature is enabled and configured to use a validation script based on the Vulcan Logic Disassembler (VLD), while the VLD extension is not available to the CLI SAPI. Under these conditions, uploaded files are incorrectly processed as PHP code.
Impact
Exploitation of this vulnerability could lead to arbitrary code execution on the server.
Reproduction
To reproduce this vulnerability, first ensure that Snuffleupagus is installed and the upload validation feature is enabled. Configure the upload validation to use a script that relies on the VLD extension, but make sure VLD is not available to the CLI SAPI. When a multipart POST request is made with a file upload, the Snuffleupagus upload validation will incorrectly evaluate the file as PHP code, leading to code execution.
Remediation
Users can update Snuffleupagus to version 0.13.0 or later, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.