VYPR
Unrated severity · NVD Advisory · Published Oct 31, 2022 · Updated Apr 15, 2025

Yunjing CMS upload_img.html unrestricted upload

CVE-2022-3770

Description

Unrestricted file upload in Yunjing CMS allows remote attackers to execute arbitrary code via the /index/user/upload_img.html endpoint.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An unrestricted file upload vulnerability exists in Yunjing CMS, in the handler behind /index/user/upload_img.html. Manipulating the file argument of an HTTP POST request to that endpoint allows an attacker to upload arbitrary files, including PHP shells, because neither the file type nor the file content is properly validated [1]. The impact is critical: remote attackers can place executable files on the server.

Exploitation

An attacker does not need authentication to reach the vulnerable endpoint. The attack is performed remotely by sending a specially crafted HTTP POST request to /index/user/upload_img.html with a malicious file (e.g., a PHP webshell) attached to the file parameter [1]. No user interaction is required. The exploit has been publicly disclosed and may be used by unauthenticated remote attackers.

Impact

Successful exploitation allows the attacker to upload and execute arbitrary code on the server. This leads to complete compromise of the web application and potentially the underlying operating system, depending on file permissions and server configuration. The confidentiality, integrity, and availability of the application can be fully compromised [1].

Mitigation

No official fix from the vendor has been released as of the publication date. The vulnerability is publicly disclosed and listed in the CVE database [1]. Until a patch is available, operators should restrict access to the upload endpoint, enforce strict file type and content validation on the server side, or disable the upload functionality entirely. This CVE is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
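The "strict file type and content validation" recommended above, shown as an added example in Python; this is not Yunjing CMS code, and the accepted types, size cap, and sample uploads are assumptions constructed for the demonstration. It applies the controls that an image-upload endpoint like upload_img.html is missing when it accepts a PHP file: an extension allowlist, a magic-byte check that the bytes really are the declared image type, a scan for embedded script markers (catches image/PHP polyglots), and a random server-side filename so the client-supplied name never reaches disk.

```python
"""Defensive validation for an image-upload handler (added example, not Yunjing CMS code)."""
import os
import secrets

# Image types this endpoint is assumed to accept, with the magic bytes each must start with.
MAGIC_BY_EXT = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size cap for an avatar/image upload

# Markers that have no business inside an image served from the web root.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%")


def check_upload(client_filename: str, data: bytes) -> tuple[bool, str]:
    """Validate one upload.

    Returns (True, safe_server_filename) when the upload passes every check,
    or (False, reason) when it must be rejected. The server-side name is
    random; only the validated extension is taken from the client's name.
    """
    if not data:
        return False, "empty upload"
    if len(data) > MAX_BYTES:
        return False, "upload exceeds size limit"

    # Drop any directory component the client sent (handles both separators).
    base = os.path.basename(client_filename.replace("\\", "/"))
    if "\x00" in base:
        return False, "null byte in filename"

    # Extension allowlist: anything not explicitly permitted is rejected,
    # so shell.php, shell.phtml, shell.php5 and friends never get further.
    ext = os.path.splitext(base)[1].lower()
    if ext not in MAGIC_BY_EXT:
        return False, f"extension {ext or '(none)'} not in allowlist"

    # Content check: the bytes must match the type the extension claims.
    # shell.php.jpg with PHP (or GIF) content fails here.
    if not data.startswith(MAGIC_BY_EXT[ext]):
        return False, "content does not match declared image type"

    # Polyglot check: a real GIF/PNG header followed by PHP code is still
    # dangerous if the web server can be persuaded to run it, so reject it.
    if any(marker in data.lower() for marker in SCRIPT_MARKERS):
        return False, "script marker embedded in image data"

    # Client name is discarded; the stored name is random plus the vetted extension.
    return True, secrets.token_hex(16) + ext


# Constructed sample uploads (not real captured traffic).
SAMPLES = [
    ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),          # legitimate
    ("shell.php", b"<?php echo 'x'; ?>"),                           # wrong extension
    ("shell.php.jpg", b"GIF89a" + b"<?php echo 'x'; ?>"),          # double extension, wrong magic
    ("polyglot.gif", b"GIF89a" + b"<?php echo 'x'; ?>"),           # valid header, PHP body
    ("../../etc/x.png", b""),                                       # path junk, empty body
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        ok, info = check_upload(name, body)
        print(f"{name:18} -> {'ACCEPT as ' + info if ok else 'REJECT: ' + info}")
```

Two points the code cannot enforce on its own: store the accepted file in a directory the web server will not execute scripts from (or outside the document root, served through a handler), and treat the script-marker scan as defence in depth rather than the primary control, since the allowlist, magic check and renaming are what stop a .php file from ever being written.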

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is only generated when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1

News mentions: 0 (no linked articles in our index yet)