CVE-2024-25153 – Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114

https://notcve.org/view.php?id=CVE-2024-25153

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells. Un directory traversal dentro del 'ftpservlet' de FileCatalyst Workflow Web Portal permite cargar archivos fuera del directorio 'uploadtemp' previsto con una solicitud POST especialmente manipulada. En situaciones en las que un archivo se carga correctamente en DocumentRoot del portal web, se pueden utilizar archivos JSP especialmente manipulados para ejecutar código, incluidos los shells web. • https://github.com/nettitude/CVE-2024-25153 https://github.com/rainbowhatrkn/CVE-2024-25153 https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html https://www.fortra.com/security/advisory/fi-2024-002 • CWE-472: External Control of Assumed-Immutable Web Parameter •