z-9527 Admin Path Traversal Vulnerability in File Upload Function
Vulnerability
A path traversal vulnerability has been identified in z-9527 Admin versions up to commit 72aaf2d. The issue arises in the file upload functionality, specifically within the 'uploadFile' method of '/server/utils/upload.js'. The vulnerability is triggered by manipulating the 'fileType' query parameter, which is improperly validated before being used to construct file paths. This flaw allows authenticated attackers to exploit the upload feature, bypassing image type restrictions and potentially leading to the execution of malicious files on the server.
Impact
Exploitation of this vulnerability allows for unrestricted file uploads, which can be used to upload malicious files to the server. This could lead to further exploitation, such as executing uploaded scripts or causing a denial-of-service by overwriting critical files.
Reproduction
To reproduce this vulnerability, send a POST request to the '/upload' endpoint with a crafted 'fileType' parameter that includes directory traversal sequences, such as '../'. This will manipulate the file path used by the server to save the uploaded file, potentially allowing the file to be saved outside of the intended directory.
