CVE-2021-45834
📋 TL;DR
OpenDocMan 1.4.4 contains a critical file upload vulnerability that allows attackers to bypass MIME type restrictions and upload dangerous file types. This can lead to arbitrary code execution on the server when malicious files are processed. Any organization using OpenDocMan 1.4.4 with file upload functionality enabled is affected.
💻 Affected Systems
- OpenDocMan
📦 What is this software?
Opendocman by Opendocman
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through remote code execution, allowing attackers to take control of the server, access sensitive data, and pivot to other systems.
Likely Case
Malicious file upload leading to web shell deployment, data theft, or denial of service through resource exhaustion.
If Mitigated
Limited impact with proper file type validation, restricted upload directories, and execution prevention controls in place.
🎯 Exploit Status
Exploitation requires authentication but is straightforward once authenticated. The vulnerability is well-documented in public repositories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.5 or later
Vendor Advisory: https://github.com/opendocman/opendocman/issues/326
Restart Required: No
Instructions:
1. Back up your OpenDocMan installation and database.
2. Download OpenDocMan 1.4.5 or later from the official repository.
3. Replace the vulnerable files with patched versions.
4. Verify file upload functionality works correctly with proper MIME validation.
🔧 Temporary Workarounds
Disable File Upload
All platforms: Temporarily disable file upload functionality in OpenDocMan to prevent exploitation.
Modify OpenDocMan configuration to disable file uploads or restrict to trusted users only
Web Server File Type Restrictions
Linux: Configure web server to block execution of dangerous file types in upload directories.
For Apache: Add 'RemoveHandler .php .php3 .php4 .php5 .phtml .pl .py .jsp .asp .htm .html .shtml .sh .cgi' to upload directory .htaccess
For Nginx: Add 'location ~ \.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$ { deny all; }' to upload directory config
🧯 If You Can't Patch
- Implement strict file type validation at the application level, checking both file extension and MIME type
- Configure upload directories with no-execute permissions and store files outside web root
🔍 How to Verify
Check if Vulnerable:
Check if OpenDocMan version is 1.4.4 by examining the application version in the admin panel or checking the source code.
Check Version:
Check the OpenDocMan admin panel or examine the application's version.php file
Verify Fix Applied:
Test file upload functionality with malicious file types to ensure they are properly rejected. Verify the application version shows 1.4.5 or later.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed file upload attempts with unusual file types
- Successful uploads of executable file types (php, jsp, asp, etc.)
- Access to uploaded files with suspicious names or extensions
Network Indicators:
- HTTP POST requests to add.php with file uploads
- Subsequent requests to uploaded files with executable extensions
SIEM Query:
source="web_logs" AND (uri="/add.php" OR uri MATCHES "\.(php|jsp|asp|sh|pl|py)$") AND method="POST"
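The log and network indicators above can be correlated offline. The following is an added example, not code from this page or from OpenDocMan: it scans access-log lines for a POST to add.php followed by a request from the same client for an executable-type file in the upload directory. The combined log format, the /uploads/ prefix, the 10-minute window and the sample lines are assumptions. The extension match is limited to the upload directory because the application's own pages also end in .php.

```python
import re
from datetime import datetime, timedelta

UPLOAD_PREFIX = "/uploads/"   # assumption: URL prefix where uploaded files are reachable
UPLOAD_ENDPOINT = "/add.php"  # upload handler named in the network indicators
EXEC_EXT = re.compile(r"\.(php\d?|phtml|jsp|asp|sh|pl|py|cgi)$", re.I)
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
WINDOW = timedelta(minutes=10)  # assumption: how long after an upload a fetch is correlated

# Constructed sample lines in Apache/Nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "POST /add.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2022:10:00:09 +0000] "GET /uploads/17.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2022:10:05:00 +0000] "POST /add.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2022:10:05:30 +0000] "GET /uploads/18.pdf HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2022:11:00:00 +0000] "GET /uploads/19.phtml HTTP/1.1" 404 0 "-" "curl/7.79"
"""

def find_suspicious(log_text, window=WINDOW):
    """Return (client, path, status, verdict) for executable-type requests under UPLOAD_PREFIX."""
    last_upload = {}  # client IP -> time of its most recent POST to the upload endpoint
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, uri, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = uri.split("?", 1)[0]  # ignore the query string when matching
        if method == "POST" and path.endswith(UPLOAD_ENDPOINT):
            last_upload[ip] = when
        elif path.startswith(UPLOAD_PREFIX) and EXEC_EXT.search(path):
            recent = ip in last_upload and when - last_upload[ip] <= window
            # A 2xx response means the file exists and was served or executed.
            verdict = "alert" if recent and status.startswith("2") else "review"
            hits.append((ip, path, int(status), verdict))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```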
🔗 References
- http://opendocman.com
- https://github.com/opendocman/opendocman
- https://github.com/opendocman/opendocman/issues/326
- https://github.com/opendocman/opendocman/issues/330