funadmin
cpe:2.3:a:funadmin:funadmin:*:*:*:*:*:*:*
- <= 7.1.0-rc6
A vulnerability allowing unrestricted file uploads has been identified in Funadmin versions through 7.1.0-rc6. The issue arises in the UploadService component, specifically within the chunkUpload function of UploadService.php. The flaw is triggered by manipulating the file upload arguments, which bypasses the security checks and allows the upload of executable files, such as PHP scripts. This flaw can be exploited remotely.
Exploitation of this vulnerability allows for arbitrary file uploads, which could lead to remote code execution by uploading and executing a malicious file on the server.
The vulnerability can be reproduced by uploading a file through the chunked upload endpoint without the necessary file type and size checks. This can be done by sending a request that includes the chunkId parameter, which triggers the chunkUpload method. Since this method does not perform the required file validation, it allows the upload of files that could be executed on the server.
Users are advised to update to the patched version of Funadmin, which includes the necessary file validation in the chunkUpload method. The patch can be applied by merging the latest changes from the main branch.
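As an added illustration, not Funadmin's own code or its patch: a chunked-upload handler in which the chunkId branch runs the same file name and size validation as the whole-file path, so the presence of the parameter cannot skip the checks. The function and request-key names (validateUpload, receiveChunk, chunkId, chunks, name, size), the extension allowlist and the size limit are assumptions.

```php
<?php
// Added illustration (not Funadmin's code): a chunked-upload handler whose
// validation cannot be skipped by sending a chunkId parameter. Function,
// request-key and limit values below are assumptions.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf']; // allowlist, not a denylist
const MAX_BYTES   = 10 * 1024 * 1024;                      // 10 MiB

// Validates the declared target name and size. Shared by the whole-file and
// chunked paths: a chunked upload is only as safe as the name it is assembled under.
function validateUpload(string $name, int $size): void
{
    $parts = explode('.', basename($name));
    if (count($parts) < 2 || $parts[0] === '') {
        throw new RuntimeException('filename needs a base name and an extension');
    }
    // Check every extension, so "x.php.jpg" is rejected as well as "x.php".
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array(strtolower($ext), ALLOWED_EXT, true)) {
            throw new RuntimeException("extension not allowed: $ext");
        }
    }
    if ($size <= 0 || $size > MAX_BYTES) {
        throw new RuntimeException('declared size out of range');
    }
}

// Appends one chunk to a staging file outside the web root. Returns the staging
// path once the last chunk has arrived, otherwise null.
function receiveChunk(array $req, string $chunkData, string $stagingDir): ?string
{
    $intOpts = ['options' => ['min_range' => 0]];
    $chunkId = filter_var($req['chunkId'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $chunks  = filter_var($req['chunks'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    if ($chunkId === false || $chunks === false || $chunks < 1 || $chunkId >= $chunks) {
        throw new RuntimeException('invalid chunk index');
    }
    // Same check as the non-chunked path, before any byte is written.
    validateUpload((string) ($req['name'] ?? ''), (int) ($req['size'] ?? 0));

    $staging = $stagingDir . '/' . hash('sha256', $req['name'] . '|' . $req['size']) . '.part';
    clearstatcache(true, $staging);
    $written = ($chunkId > 0 && is_file($staging)) ? filesize($staging) : 0;
    // Enforce the limit on bytes actually received, not on the declared size.
    if ($written + strlen($chunkData) > MAX_BYTES) {
        throw new RuntimeException('upload exceeds size limit');
    }
    file_put_contents($staging, $chunkData, $chunkId === 0 ? 0 : FILE_APPEND);
    return $chunkId + 1 === $chunks ? $staging : null;
}
```

Once receiveChunk returns the staging path, the caller should move the assembled file into the public directory under a server-generated name with the validated extension, rather than under the client-supplied name.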