| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pagekit/pagekit | composer | <= 1.0.18 | |
Pagekit CMS up to and including version 1.0.18 allows an authenticated user to upload arbitrary files through the Finder module, which leads to remote code execution. In the source of pagekit/pagekit 1.0.18, FinderController handles file uploads, and its uploadAction method processes each uploaded file.
The root cause is the isValidFilename method, which uploadAction calls to validate the name of each uploaded file. isValidFilename compares the file extension against a list of allowed extensions, but only when an extension is present: a name that yields no extension, such as the dotfile .htaccess, skips the allow-list comparison entirely and is accepted. An authenticated user can therefore upload a .htaccess file into a web-accessible directory.
An attacker can use this to upload a malicious .htaccess that tells the Apache web server to execute an otherwise harmless file type, such as images, as PHP. For example, the directive AddType application/x-httpd-php .jpg maps the .jpg extension to the PHP handler. Having uploaded that .htaccess, the attacker then uploads a file with a .jpg extension (which passes the allow-list) whose body contains PHP code. When that file is requested, Apache executes the embedded PHP, giving remote code execution in the context of the web server. The chain depends on the deployment: the upload directory must be served by Apache with AllowOverride permitting FileInfo so that .htaccess is honoured (nginx ignores .htaccess entirely), and the AddType directive only routes requests to PHP on configurations where PHP is selected through that MIME type, as with mod_php.
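The following is an added example, not Pagekit's code: a Python re-implementation of the flawed "check the extension only if there is one" pattern described above, a hardened replacement, and a small model of how an Apache directory that honours .htaccess resolves the handler for the second upload. The function names (naive_is_valid_filename, strict_is_valid_filename, apache_handler_for, run_chain), the allow-list and the attacker's upload set are all constructed for the demo.

```python
import os
import re

# Constructed allow-list of "harmless" upload extensions for this demo.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def naive_is_valid_filename(name: str) -> bool:
    """Flawed pattern: consult the allow-list only when an extension exists.

    os.path.splitext(".htaccess") is (".htaccess", ""), so a dotfile has an
    empty extension here and the allow-list comparison is never reached.
    """
    if not name or "/" in name or "\\" in name:
        return False
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    if ext and ext not in ALLOWED_EXTENSIONS:
        return False
    return True


def strict_is_valid_filename(name: str) -> bool:
    """Hardened check: a non-empty stem, exactly one dot and a required
    allow-listed extension. Dotfiles (so .htaccess), extensionless names,
    path separators, trailing dots and double extensions such as x.php.jpg
    all fail the pattern and are refused."""
    if not name or "\x00" in name:
        return False
    m = re.fullmatch(r"([A-Za-z0-9_-]+)\.([A-Za-z0-9]+)", name)
    if m is None:
        return False
    return m.group(2).lower() in ALLOWED_EXTENSIONS


# Constructed attacker uploads for the two-step chain described above.
HTACCESS_PAYLOAD = b"AddType application/x-httpd-php .jpg\n"
ATTACKER_UPLOADS = [
    (".htaccess", HTACCESS_PAYLOAD),
    ("shell.jpg", b"\xff\xd8\xff\xe0<?php phpinfo(); ?>"),  # JPEG magic + PHP
    ("shell.php", b"<?php phpinfo(); ?>"),                   # the obvious attempt
]


def apache_handler_for(path: str, stored: dict) -> str:
    """Simplified model of an Apache directory with AllowOverride FileInfo:
    an uploaded .htaccess containing "AddType application/x-httpd-php .ext"
    makes Apache hand .ext files to the PHP interpreter (mod_php style)."""
    php_exts = {"php"}
    htaccess = stored.get(".htaccess")
    if htaccess is not None:
        for line in htaccess.decode("utf-8", "replace").splitlines():
            m = re.match(r"\s*AddType\s+application/x-httpd-php\s+(.+)", line)
            if m:
                php_exts.update(e.lstrip(".").lower() for e in m.group(1).split())
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    return "php" if ext in php_exts else "static"


def run_chain(validator):
    """Push the attacker's uploads through `validator`, keep what it accepts
    in a simulated web-accessible directory, and report which handler Apache
    would then use for shell.jpg."""
    stored = {name: body for name, body in ATTACKER_UPLOADS if validator(name)}
    return stored, apache_handler_for("shell.jpg", stored)


if __name__ == "__main__":
    for validator in (naive_is_valid_filename, strict_is_valid_filename):
        stored, handler = run_chain(validator)
        print(f"{validator.__name__}: stored={sorted(stored)} shell.jpg -> {handler}")
```

With the naive validator, shell.php is rejected but both .htaccess and shell.jpg are stored, and the model resolves shell.jpg to the PHP handler; with the strict validator only shell.jpg survives and it stays a static file. Note that the strict check still does not inspect file contents: a .jpg carrying PHP is stored either way, and is only inert as long as nothing remaps its handler, so the hardening that matters is refusing the dotfile.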
Affected functions:
- `Pagekit\Finder\Controller\FinderController::uploadAction` in app/system/modules/finder/src/Controller/FinderController.php
- `Pagekit\Finder\Controller\FinderController::isValidFilename` in app/system/modules/finder/src/Controller/FinderController.php