An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format.
The attacker exploits the file renaming function available in the /admin/manager.php component by renaming a previously uploaded PHP file to an SVG extension. The application's mechanism improperly handles this type of operation (CWE-706 – use of improperly resolved name or reference), failing to verify the actual file content after renaming. As a result, the file with PHP code remains executable by the server despite the extension change, enabling RCE. The vulnerability is also related to CWE-434, which is the lack of restrictions on uploading dangerous file types.
An attacker can execute arbitrary code on the server side, which leads to full takeover of the application and potentially the entire system – including breach of confidentiality, integrity, and availability of data.
Patches available from the vendor should be applied according to the references. Additionally, it is recommended to restrict access to the admin panel (/admin/) exclusively to trusted IP addresses and to verify the server for the presence of suspicious SVG files in publicly accessible directories.
EasyImages 2.0 version 2.8.6 and all earlier versions (Easyimages2.0 Project).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEasyimages2.0 Project Easyimages2.0
APPEasyimages2.0 Project≤ 2.8.6
Related vulnerabilities
EasyImages 2.0 — arbitrary file rename umożliwiający RCE przez spreparowaną nazwę pliku
An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below ...
A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below a...
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/...
EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.