{"id":22078,"date":"2024-01-19T14:36:36","date_gmt":"2024-01-19T13:36:36","guid":{"rendered":"https:\/\/herolab.usd.de\/?page_id=22078"},"modified":"2024-02-07T12:41:19","modified_gmt":"2024-02-07T11:41:19","slug":"usd-2023-0049","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2023-0049\/","title":{"rendered":"usd-2023-0049"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.23.4\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n<h1>usd-2023-0049 | Gambio 4.9.2.0 - Arbitrary File Upload<\/h1>\n<h1><\/h1>\n<p><strong>Product<\/strong>: Gambio<br \/><strong>Affected Version<\/strong>: 4.9.2.0<br \/><strong>Vulnerability Type<\/strong>: CWE 434 - Unrestricted Upload of File with Dangerous Type<br \/><strong>Security Risk<\/strong>: Critical<br \/><strong>Vendor URL<\/strong>: <a href=\"https:\/\/www.gambio.de\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.gambio.de\/<\/a><br \/><strong>Vendor Status<\/strong>: Not fixed<br \/><strong>CVE number<\/strong>: CVE-2024-23762<\/p>\n<h3>Description<\/h3>\n<p>Gambio is a software specifically designed for running online shops.<br \/>It provides various features and tools to help businesses manage their inventory, process orders, and handle customer interactions.<\/p>\n<p>According to their homepage, the software is used by more than 25.000 shops.<\/p>\n<p>The <em>Content Manager<\/em> feature allows to create new pages from scripts.<br \/>The functionality allows uploading arbitrary PHP files which results in remote code execution.<\/p>\n<p><strong>Note:<\/strong><br \/>Unfortunately, despite multiple attempts, our attempts to engage the vendor in resolving this issue have been met with silence.<br \/>The vulnerability is still unfixed.<\/p>\n<h3>Proof of Concept<\/h3>\n<p>The <em>Content Manager<\/em> feature allows to create new pages from scripts.<br \/>The functionality allows uploading arbitrary PHP files which results in remote code execution.<\/p>\n<p>A PHP file which executes the <strong>ls<\/strong> command was uploaded.<br \/>The PHP file is embedded into the page where it was previously attached to.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2024\/01\/1fc86bb9-0e0b-45b0-821d-f70082a803b3.png\" width=\"1384\" height=\"350\" alt=\"\" class=\"wp-image-22014 alignnone size-full\" srcset=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2024\/01\/1fc86bb9-0e0b-45b0-821d-f70082a803b3.png 1384w, https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2024\/01\/1fc86bb9-0e0b-45b0-821d-f70082a803b3-1280x324.png 1280w, https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2024\/01\/1fc86bb9-0e0b-45b0-821d-f70082a803b3-980x248.png 980w, https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2024\/01\/1fc86bb9-0e0b-45b0-821d-f70082a803b3-480x121.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) and (max-width: 1280px) 1280px, (min-width: 1281px) 1384px, 100vw\" \/><\/p>\n<h3>Fix<\/h3>\n<p>Restrict upload of files with a dangerous type.<\/p>\n<h3>References<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.gambio.de\" target=\"_blank\" rel=\"noopener\">https:\/\/www.gambio.de<\/a><\/li>\n<\/ul>\n<h3>Timeline<\/h3>\n<ul>\n<li><strong>2023-12-08<\/strong>: First contact request via email.<\/li>\n<li><strong>2023-12-21<\/strong>: Second contact request via email.<\/li>\n<li><strong>2024-01-17<\/strong>: This advisory is published.<\/li>\n<\/ul>\n<h3>Credits<\/h3>\n<p>This security vulnerability was identified by Christian Poeschl and Lukas Schraven of usd AG.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2023-0049 | Gambio 4.9.2.0 - Arbitrary File Upload Product: GambioAffected Version: 4.9.2.0Vulnerability Type: CWE 434 - Unrestricted Upload of File with Dangerous TypeSecurity Risk: CriticalVendor URL: https:\/\/www.gambio.de\/Vendor Status: Not fixedCVE number: CVE-2024-23762 Description Gambio is a software specifically designed for running online shops.It provides various features and tools to help businesses manage their inventory, process [&hellip;]<\/p>\n","protected":false},"author":115,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-22078","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/22078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/115"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=22078"}],"version-history":[{"count":5,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/22078\/revisions"}],"predecessor-version":[{"id":22357,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/22078\/revisions\/22357"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=22078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}