External risk intelligence

Web@rchiv Arbitrary File Upload Leading to Command Execution.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2022-29347

Web@rchiv is a web application. Web applications are commonly deployed as internet-facing services, and this vulnerability involves an arbitrary file upload function that would typically be accessible through the application's web interface.

Unrestricted File Upload

Web\@rchiv Project Web\@rchiv

1.0

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability in Web@rchiv 1.0 that could allow unauthorized command execution through a file upload flaw. The main concern is confirming relevance and exposure given the nature of the technology.

  • A file upload flaw allows system command execution.
  • Critical vulnerability in widely used web archiving software.
  • Confirm if this web archiving tool is in use.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by uploading a specially crafted PHP file to the Web@rchiv application. This file upload feature is exposed to the internet, allowing unauthenticated users to interact with it. Successful exploitation enables an attacker to execute arbitrary commands on the server.

  • No authentication required to upload.
  • Triggered by uploading a malicious PHP file.
  • Allows arbitrary command execution.

Live Threat

Current exploitation, exposure, and threat context

An arbitrary file upload vulnerability in Web@rchiv could allow an unauthenticated attacker to execute arbitrary commands on the server by uploading a crafted PHP file. This could lead to a compromise of the affected system.

  • Server-side command execution.
  • Upload a malicious PHP file.
  • Complete system compromise.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Web@rchiv application owners and the infrastructure teams responsible for hosting it should lead the response. The immediate first step is to locate all instances of Web@rchiv, assess their exposure and criticality, and identify the accountable system owners for each instance before planning remediation.

  • Identify accountable owners and asset inventory.
  • Verify public exposure and business criticality.
  • Plan risk-based remediation or mitigation.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Web@rchiv?

Web@rchiv is a web application designed for archiving digital content. It provides tools for capturing, storing, and managing web-based records, serving as a repository for historical or reference data. Users typically interact with it through a web interface to archive or retrieve stored information.

What does CVE-2022-29347 mean?

This CVE identifies a weakness categorized as CWE-434, which is Unrestricted Upload of File with Dangerous Type. In plain English, the software fails to properly check or limit the types of files users are allowed to upload. Because the application processes these uploads, it can be tricked into accepting executable code instead of the intended data, leading to unauthorized command execution.

How is this vulnerability triggered?

The flaw is triggered when an attacker uploads a specially crafted PHP file to the application. The system then processes this file as part of its normal operation, inadvertently executing the malicious code contained within it. The vulnerability is not triggered by simply visiting the site or using standard, non-executable files; it specifically requires the submission of a file designed to run on the server.

Is my Web@rchiv instance at risk?

If you are running Web@rchiv, you should consider the risk based on your deployment. Halo Surface Signal indicates that because this is a web application, it is commonly exposed to the internet. If your instance is internet-facing, it is reachable by external actors without authentication, making it a high priority for verification regardless of where it sits on your network.

What are the first steps to address this?

Start by creating a complete inventory of all Web@rchiv installations in your environment to ensure nothing is overlooked. Once identified, determine which instances are business-critical and whether they are accessible from the internet. Finally, coordinate with the specific system owners to assess the current configuration and prioritize the application of any available security updates or protective measures.

References