An arbitrary file upload vulnerability exists within a Contact Form Generator application. A remote unauthenticated attacker can upload a malicious file to the upload directory via a request to upload.php.
- The remote unauthenticated attacker sends a multipart request and uploads a PHP file to the server.
- The server responds successfully with the filename in the response.
- The attacker sends a request to ‘cfg-contact-form/upload/<malicious file>’ to retrieve their file.
The attacker should know the location of the vulnerable file on the target server. This can be achieved through Google dorks.
An arbitrary file upload vulnerability exists within a Contact Form Generator application. The vulnerability exists in the upload.php file which does not carry out authentication or validation checks. A remote unauthenticated attacker can upload a malicious file to the upload directory via a request to upload.php. This could compromise the target server.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
It is recommended to remove the application in order to mitigate this vulnerability.