CVE-2024-25153
Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114
In short
FileCatalyst Workflow allows attackers to upload files outside the intended folder through a specially crafted request, potentially enabling them to upload malicious web shells that execute arbitrary code on the server.
Technical detail
A directory traversal vulnerability in the 'ftpservlet' component accepts POST requests with path traversal sequences that bypass upload directory restrictions, allowing placement of JSP files in the web root where they are executed with application privileges, leading to remote code execution.
Summary generated and translated by AI from the official description.
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Fortra · FileCatalystpublic PoCs found — 3
githubgithub.com/nettitude/CVE-2024-25153★ 42githubgithub.com/rainbowhatrkn/CVE-2024-25153★ 0cve_referencegithub.com/nettitude/CVE-2024-25153/blob/master/CVE-2024-25153.pyunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →