CVE-2025-27411

MEDIUM5.4EPSS 0.25%

REDAXO allows Arbitrary File Upload in the mediapool page

發布日:2025/3/5修改日:2025/3/5

描述

### Summary An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. ### Details On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary file upload. ### PoC 1. Log in to the portal then navigate to `Mediapool`. 2. Upload a png file (ex: poc.png) ![1](https://github.com/user-attachments/assets/e9165434-d2cd-437b-87a3-f9527d4f3070) 3. Intercept the upload HTTP request on burp suite and change `filename: poc.1html`, `Content-Type:image/html` and insert the malicious html code. (ex: `<IFRAME SRC="javascript:alert(1);"></IFRAME>`) ![2](https://github.com/user-attachments/assets/f8da0e6b-e807-46be-a867-dc31b1e13e57) 4. Forward the request. 5. Navigate to the file. ![3](https://github.com/user-attachments/assets/4c44c5cf-8467-452d-b249-cf2d72e0d328) ![4](https://github.com/user-attachments/assets/29db80e3-a5b9-4354-a292-c1ae7189931a) ### Impact Exploiting an arbitrary file upload vulnerability enables attackers to execute malicious code on a server.

受影響套件(1)

Packagist/redaxo/sourcefrom 0, < 5.18.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

描述

受影響套件(1)

CVSS 分數

參考連結(4)