OpenSTAManager Arbitrary File Upload Vulnerability in Module Update Functionality Allowing Remote Code Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in OpenSTAManager versions through 2.10. This vulnerability exists within the module update functionality, specifically in the file 'modules/aggiornamenti/upload_modules.php'. The issue allows authenticated users to upload malicious files, which could lead to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to execute malicious PHP scripts on the server, leading to remote code execution.

Reproduction

To reproduce this vulnerability, first create a ZIP file containing a malicious module file and a PHP web shell. The module file should be formatted to be recognized by OpenSTAManager. Once the ZIP file is prepared, log into the OpenSTAManager backend and navigate to the module update feature. Upload the crafted ZIP file through the 'upload_modules.php' endpoint. After the upload, access the uploaded PHP file to execute arbitrary commands on the server.
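
A pre-extraction audit of an uploaded module ZIP, as an added example that is not OpenSTAManager's own code: it assumes module archives legitimately contain PHP (so blocking PHP outright is not an option) and instead flags zip-slip paths, symlink entries, server configuration files, and web-shell indicators in PHP entries. The sample archives and the `build_sample_zip` helper are constructed for the example.

```python
import io
import re
import zipfile

# Heuristics for PHP web shells: execution primitives fed straight from
# request data, or request data used as a dynamic function name.
SHELL_PATTERNS = [
    re.compile(rb"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)"
               rb"\s*\([^)]*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]\s*\(", re.I),
]
# Files that change how the web server treats the directory they land in.
SERVER_CONFIG = {".htaccess", ".user.ini", "php.ini"}
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def audit_module_archive(data: bytes) -> list[str]:
    """Inspect a module ZIP before extraction; returns findings ([] = clean).
    Works on the raw bytes, so nothing touches disk while auditing."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            parts = name.split("/")
            # Zip-slip: absolute paths, drive letters or ".." components would
            # drop files outside the module directory (e.g. into the web root).
            if name.startswith("/") or re.match(r"^[A-Za-z]:", name) or ".." in parts:
                findings.append(f"path traversal: {info.filename}")
                continue
            # Unix mode lives in the high 16 bits; 0o120000 marks a symlink.
            if (info.external_attr >> 16) & 0o170000 == 0o120000:
                findings.append(f"symlink entry: {info.filename}")
                continue
            if info.is_dir():
                continue
            if parts[-1].lower() in SERVER_CONFIG:
                findings.append(f"server config file: {info.filename}")
            if PHP_EXT.search(parts[-1]) and any(p.search(zf.read(info)) for p in SHELL_PATTERNS):
                findings.append(f"web shell indicator in {info.filename}")
    return findings

def build_sample_zip(files: dict[str, bytes]) -> bytes:
    """Constructed test input: an in-memory ZIP with the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples: a benign module, then one carrying a shell and a zip-slip entry.
    print(audit_module_archive(build_sample_zip({"MyModule/init.php": b"<?php echo 'hi'; ?>"})))
    print(audit_module_archive(build_sample_zip({
        "MyModule/shell.php": b"<?php system($_GET['cmd']); ?>",
        "../../index.php": b"<?php echo 'constructed'; ?>"})))
```

A non-empty result should abort the update before anything is extracted; the heuristics are a screening layer, not a substitute for restricting the update feature to trusted, integrity-checked module packages.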

Added: May 4, 2026, 7:26 PM
Updated: May 4, 2026, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 7.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.