Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL {admidio_base_url}/adm_my_files/messages_attachments/{file_name}. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. An attacker can upload a PHP web shell that executes OS commands on the server, compromising the application server. Note: I am using the docker-compose.yaml file from https://github.com/Admidio/admidio/blob/master/README-Docker.md#docker-compose-usage official documentation. Impact: An attacker can exploit this flaw to upload a PHP web shell, which can be used to execute arbitrary commands on the server. This can lead to a complete compromise of the application server, allowing the attacker to: Execute arbitrary code or commands. Access, modify, or delete sensitive data. Install malicious software or scripts. Gain further access to internal networks. Disrupt services and applications hosted on the server. Recommendation: Implement strict file extension verification to ensure that only allowed file types (e.g., images, documents) can be uploaded. Reject any file upload with disallowed or suspicious extensions such as .php, .phtml, .exe, etc. Steps to Reproduce: As a member user, go to write an…Read More