Precurio Intranet Portal Cross-Site Request Forgery Vulnerability Allowing Shell Upload

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Precurio Intranet Portal version 4.4. It allows an attacker to trick an authenticated user into sending a crafted request to a profile update endpoint that accepts file uploads. If the application saves the attacker-controlled file as an executable server-side file in a web-accessible location, the result could be arbitrary code execution on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, allowing attackers to execute arbitrary code on the server where Precurio Intranet Portal is hosted.

Reproduction

To reproduce this vulnerability, an authenticated user must be induced to upload a file through the profile update endpoint. This can be done by exploiting the CSRF vulnerability to send a request that includes a maliciously crafted file. The uploaded file should be a PHP shell, which can then be executed on the server.
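
The two server-side controls that break the chain described above, shown as an added example rather than code from Precurio or from this advisory: an anti-CSRF token check for the profile update request, and an upload filter that derives the stored file name from the sniffed content type. Function names, the image allowlist and the sample inputs are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);
// Added illustration, not Precurio code: function names, the allowlist and the
// sample inputs below are assumptions made for this example.

const ALLOWED_IMAGE_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/** Per-session anti-CSRF token, created once and embedded in the profile form. */
function issue_csrf_token(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** A cross-site page cannot read the token, so a forged POST fails this check. */
function csrf_token_valid(array $session, ?string $submitted): bool
{
    return isset($session['csrf_token'])
        && is_string($submitted)
        && hash_equals($session['csrf_token'], $submitted);
}

/**
 * Choose the stored file name from the sniffed content type, never from the
 * client-supplied name. Returns null when the content is not an allowed image.
 */
function stored_name_for_upload(string $bytes): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed inputs: an empty session, a PNG header and a script body.
$session = [];
$token   = issue_csrf_token($session);
$png     = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('NN', 1, 1) . "\x08\x06\x00\x00\x00";
$script  = '<?php echo "constructed sample";';

var_dump(csrf_token_valid($session, null));    // request without a token
var_dump(csrf_token_valid($session, $token));  // request carrying the session token
var_dump(stored_name_for_upload($script));     // script body
var_dump(stored_name_for_upload($png));        // PNG header
```

Content sniffing alone is not a sufficient control, which is why the extension is set by the server; the upload directory should also be configured so that the web server does not execute scripts from it.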

Added: Mar 20, 2026, 4:20 PM
Updated: Mar 20, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 7.0
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.