Fujian Apex LiveBOS Path Traversal Vulnerability in UploadImage.do Endpoint Allowing Unauthenticated Remote Code Execution

Vulnerability

A path traversal vulnerability has been identified in Fujian Apex LiveBOS up to and including version 2.0. The affected code is an unidentified function that handles the file '/feed/UploadImage.do' in the Endpoint component. The 'filename' argument of the upload is not validated, so directory traversal sequences in it are honoured and the uploaded file is written outside the intended upload directory. The attack can be carried out over the network, the vulnerability has been disclosed publicly, and exploit details are available. Successful exploitation gives an attacker an arbitrary file write; when the file lands in a location the application server treats as executable content (for example a JSP under a deployed web application), the attacker's file is executed as code.

Impact

Exploitation of this vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the server, with the privileges of the application server process that runs LiveBOS.

Reproduction

To reproduce this vulnerability, send a POST request to '/feed/UploadImage.do;.js.jsp' with Content-Type multipart/form-data. Include a form part named 'file' whose filename contains directory traversal sequences (enough '../' segments to reach a location that the server both writes to and serves, such as the Tomcat webapps directory). If the uploaded file is a JSP containing attacker-chosen code, a subsequent GET request for that file causes the container to compile and execute it; the response to that request confirms exploitation. Use the request path exactly as given: the ';.js.jsp' suffix after 'UploadImage.do' is a semicolon-delimited path parameter, which servlet containers such as Tomcat strip when resolving the servlet, so it does not change which handler receives the upload. If the traversal only reaches a writable directory outside any deployed web application, the result is an arbitrary file write rather than code execution.
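The following is an added illustration of the bug class described in the Vulnerability and Reproduction sections; it is not code from LiveBOS or from the vendor. It shows where the attacker-controlled 'filename' parameter enters (the multipart Content-Disposition header), a vulnerable path computation that lets '../' segments escape the upload directory, a hardened version that keeps only a plain image filename and re-checks the resolved path, and a servlet-path normaliser that strips ';' path parameters before an access-control rule is evaluated. The upload root, the function names and the sample request header are all hypothetical; the page does not state whether LiveBOS's own filters are affected by the ';.js.jsp' suffix, so the normaliser is a general defensive check rather than a description of the product.

```python
"""
Added illustration, not code from LiveBOS or its vendor: the upload-path
bug class behind this advisory next to a hardened version, plus a request
path normaliser.  UPLOAD_ROOT, the function names and the sample header
are hypothetical.
"""
import posixpath
import re

# Hypothetical upload root for the image endpoint.  The advisory only says
# the traversal reaches a writable location such as the Tomcat webapps dir.
UPLOAD_ROOT = "/opt/livebos/webapps/ROOT/feed/uploads"

# An image upload endpoint has no reason to accept anything but images.
ALLOWED_IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}

# Constructed sample multipart part header, shaped like the request the
# advisory describes (form part 'file' with a traversing filename).
SAMPLE_PART_HEADER = (
    'Content-Disposition: form-data; name="file"; '
    'filename="../../../ROOT/shell.jsp"'
)


def filename_from_content_disposition(header: str) -> str:
    """Return the quoted filename parameter of a Content-Disposition header.
    This is the point where the attacker-controlled 'filename' enters."""
    m = re.search(r'filename="([^"]*)"', header)
    if m is None:
        raise ValueError("no filename parameter")
    return m.group(1)


def vulnerable_upload_path(client_filename: str) -> str:
    """The bug class: join the client-supplied name onto the upload root with
    no validation, so '../' segments walk out of the directory."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, client_filename))


def is_inside_root(path: str) -> bool:
    """True if an already-normalised absolute path lies under UPLOAD_ROOT."""
    return posixpath.commonpath([UPLOAD_ROOT, path]) == UPLOAD_ROOT


def hardened_upload_path(client_filename: str) -> str:
    """Reject anything that is not a plain image filename, then re-check the
    resolved path as a second line of defence."""
    # Keep only the last component; this also discards backslash-separated
    # Windows-style directory parts.
    name = re.split(r"[\\/]", client_filename)[-1]
    if name in ("", ".", ".."):
        raise ValueError("empty or dot filename")
    # Tight character set: no NUL, ';', '%', spaces or quotes.
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}", name):
        raise ValueError("filename contains disallowed characters")
    # Allow-list the extension; '.jsp' never passes an image endpoint.
    ext = posixpath.splitext(name)[1].lower()
    if ext not in ALLOWED_IMAGE_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext!r}")
    target = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    if not is_inside_root(target):
        raise ValueError("resolved path escapes upload root")
    return target


def hardened_rejects(client_filename: str) -> bool:
    """True if the hardened check refuses the supplied filename."""
    try:
        hardened_upload_path(client_filename)
    except ValueError:
        return True
    return False


def normalize_servlet_path(request_uri: str) -> str:
    """Drop ';...' path parameters from every segment and collapse dot
    segments, so '/feed/UploadImage.do;.js.jsp' and '/feed/UploadImage.do'
    compare equal when an access-control rule is evaluated."""
    path = request_uri.split("?", 1)[0]
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    return posixpath.normpath("/".join(segments))


if __name__ == "__main__":
    evil = filename_from_content_disposition(SAMPLE_PART_HEADER)
    print("vulnerable :", vulnerable_upload_path(evil))
    print("hardened   : rejected =", hardened_rejects(evil))
    print("normalised :", normalize_servlet_path("/feed/UploadImage.do;.js.jsp"))
```

Running the block shows the constructed filename resolving to '/opt/livebos/webapps/ROOT/shell.jsp', outside the upload root, while the hardened check refuses it on the extension alone. The normaliser is there because an authorization rule that matches on the raw request URI would see '/feed/UploadImage.do;.js.jsp' as a different path from the one it protects; comparing the normalised form removes that mismatch.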

Remediation

Users are advised to upgrade to version 2.1, which addresses this vulnerability. After upgrading, confirm that a multipart upload whose filename contains traversal sequences is rejected, and check the web root and the Tomcat webapps directory for JSP files that were not shipped with the application, since a file placed by an earlier exploitation attempt remains in place after the upgrade.

Added: May 1, 2026, 1:19 AM
Updated: May 1, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 7.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.