[GH-ISSUE #5005] [BUG]: Unrestricted Upload of File with Dangerous Type via Logo #3143

Closed
opened 2026-02-22 18:32:47 -05:00 by yindo · 1 comment
Owner

Originally created by @ritikchaddha on GitHub (Feb 16, 2026).
Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/5005

How are you running AnythingLLM?

Docker (remote machine)

What happened?

The /api/system/upload-logo endpoint accepts file uploads without any validation of file type, extension, or content. This allows attackers to upload files (PHP, JSP, ASPX, EXE etc.) that can be accessed directly via the web server.

Vulnerable Code:
File: /server/endpoints/system.js

const logoUpload = multer({
  storage: multer.diskStorage({
    destination: function (_, _, cb) {
      const uploadPath = path.join(__dirname, "../storage/assets");
      cb(null, uploadPath);
    },
    filename: function (_, file, cb) {
      const uniqueName = uuidv4() + path.extname(file.originalname);
      cb(null, uniqueName);
    },
  }),
  limits: {
    fileSize: 3 * 1024 * 1024 * 1024, // 3GB limit
  },
});

app.post("/system/upload-logo", logoUpload.single("logo"), async (request, response) => {
  // NO FILE TYPE VALIDATION!
  // NO EXTENSION CHECKING!
  // NO CONTENT VERIFICATION!
  response.status(200).json({ message: "Logo uploaded successfully." });
});

Are there known steps to reproduce?

  • Create a malware.exe file having the following data:
MZ@
This is a malware executable for PoC demonstration.
In a real attack, this could be ransomware, trojan, or a backdoor.
PAYLOAD_SECTION: [Base64_Encoded_Shellcode_Here]
DROPPER_ROUTINE: Downloads additional payload from C2 server
C2_SERVER: http://attacker.com/payload.bin
PERSISTENCE: Creates registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  • Upload the malware.exe file.
    curl -X POST http://<SERVER>/api/system/upload-logo \ -F "logo=@malware.exe"

Response:

Image
  • As an unauthenticated user visit http:///api/system/logo or use curl
    curl -s http://<SERVER>/api/system/logo
Image
Originally created by @ritikchaddha on GitHub (Feb 16, 2026). Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/5005 ### How are you running AnythingLLM? Docker (remote machine) ### What happened? The `/api/system/upload-logo` endpoint accepts file uploads without any validation of file type, extension, or content. This allows attackers to upload files (PHP, JSP, ASPX, EXE etc.) that can be accessed directly via the web server. **Vulnerable Code:** File: `/server/endpoints/system.js` ``` const logoUpload = multer({ storage: multer.diskStorage({ destination: function (_, _, cb) { const uploadPath = path.join(__dirname, "../storage/assets"); cb(null, uploadPath); }, filename: function (_, file, cb) { const uniqueName = uuidv4() + path.extname(file.originalname); cb(null, uniqueName); }, }), limits: { fileSize: 3 * 1024 * 1024 * 1024, // 3GB limit }, }); app.post("/system/upload-logo", logoUpload.single("logo"), async (request, response) => { // NO FILE TYPE VALIDATION! // NO EXTENSION CHECKING! // NO CONTENT VERIFICATION! response.status(200).json({ message: "Logo uploaded successfully." }); }); ``` ### Are there known steps to reproduce? - Create a `malware.exe` file having the following data: ``` MZ@ This is a malware executable for PoC demonstration. In a real attack, this could be ransomware, trojan, or a backdoor. PAYLOAD_SECTION: [Base64_Encoded_Shellcode_Here] DROPPER_ROUTINE: Downloads additional payload from C2 server C2_SERVER: http://attacker.com/payload.bin PERSISTENCE: Creates registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run ``` - Upload the `malware.exe` file. `curl -X POST http://<SERVER>/api/system/upload-logo \ -F "logo=@malware.exe"` **Response:** <img width="1219" height="552" alt="Image" src="https://github.com/user-attachments/assets/a91b6624-6a3f-4e26-b3e8-7b77e995371b" /> - As an unauthenticated user visit http://<SERVER>/api/system/logo or use curl `curl -s http://<SERVER>/api/system/logo` <img width="1217" height="560" alt="Image" src="https://github.com/user-attachments/assets/bdefbd45-12c6-41d8-85d5-6a37578c65c6" />
yindo added the possible bug label 2026-02-22 18:32:47 -05:00
yindo closed this issue 2026-02-22 18:32:48 -05:00
Author
Owner

@timothycarambat commented on GitHub (Feb 16, 2026):

First, this is technically irresponsible disclosure since there is an accessible Security and reporting CVE process we have on the repo.

Second, if you have viewed our closed CVEs you would see have closed this exact report many times because it is basically a non-issue. AnythingLLM is not a consumer facing tool and you are expecting the attacker to be given explict access the the system and asking the victim to open the user PFP in a new tab as this does not appear in the UI natively. Given users and admins cannot even see other user PFPs the only attacked vector for this is a self-own.

@timothycarambat commented on GitHub (Feb 16, 2026): First, this is technically irresponsible disclosure since there is an accessible Security and reporting CVE process we have on the repo. Second, if you have viewed our closed CVEs you would see have closed this exact report many times because it is basically a non-issue. AnythingLLM is not a consumer facing tool and you are expecting the attacker to be given explict access the the system and asking the victim to open the user PFP in a new tab as this does not appear in the UI natively. Given users and admins cannot even see other user PFPs the only attacked vector for this is a self-own.
yindo changed title from [BUG]: Unrestricted Upload of File with Dangerous Type via Logo to [GH-ISSUE #5005] [BUG]: Unrestricted Upload of File with Dangerous Type via Logo 2026-06-05 14:50:32 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#3143