A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
The file management function in Astroid Framework does not require authentication and does not sufficiently verify the types of uploaded files (CWE-434: Unrestricted Upload of File with Dangerous Type). An attacker can upload an executable file (e.g., PHP webshell) to the server without needing any permissions. Once the file is placed on the server, it can be executed remotely, resulting in arbitrary code execution in the context of the application server.
An unauthenticated attacker can gain full control over the server by executing arbitrary code remotely (RCE), which can lead to complete system compromise, data theft, and further lateral movement within the network.
Patches available from the vendor should be applied according to the references. Until the fix is deployed, it is recommended to restrict access to file management functions at the firewall or web server level and disable the ability to execute files in directories designated for uploads.
Templaza Astroid Framework — versions indicated in the vendor's references (https://astroidframe.work)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:XTemplaza Astroid Framework
APPTemplaza2.0.0 – 3.3.10