VYPR
Unrated severity · NVD Advisory · Published Oct 25, 2023 · Updated Sep 10, 2024

Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application

CVE-2023-26578

Description

Arbitrary file upload to web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files, such as ASP or ASPX, to the web root, gaining command execution on the affected server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated attackers can upload ASP/ASPX files to the web root in IDAttend IDWeb 3.1.013, leading to remote code execution.

Vulnerability

The IDAttend IDWeb application version 3.1.013 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload dangerous files directly to the web root. The application does not properly validate or restrict the file types that authenticated users can upload, enabling the upload of ASP or ASPX files [1].

Exploitation

An attacker must first have valid authentication credentials for the IDWeb application. Once authenticated, the attacker can use the file upload functionality to upload a malicious ASP or ASPX file to the web root directory. No additional privileges or user interaction beyond the initial authentication are required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the affected server with the privileges of the web application, typically SYSTEM or NETWORK SERVICE. The uploaded ASP/ASPX file can be accessed via the web server, providing full remote code execution on the vulnerable server [1].

Mitigation

The vulnerability is fixed in IDAttend IDWeb version 3.1.053. Organizations running version 3.1.013 or earlier should upgrade to the fixed version as soon as possible. No workarounds have been publicly disclosed in the available references [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IDAttend/IDWeb (llm-fuzzy)
    Range: =3.1.013
  • IDAttend Pty Ltd/IDWeb (v5)
    Range: 0

Patches

0

No patches discovered yet.

References

1
