CVE-2026-54414
FileRise · FileRise
FileRise is vulnerable to path traversal via the shared-folder upload endpoint, allowing an attacker with a valid upload link to overwrite system files and achieve administrator account takeover.
Executive summary
A critical path traversal vulnerability in FileRise allows attackers to overwrite system files and perform an administrator account takeover.
Vulnerability
The application fails to properly validate filenames in the /api/folder/uploadToSharedFolder.php endpoint. By using URL-encoded path traversal sequences, an attacker can bypass extension checks and write files to arbitrary locations on the server.
Business impact
Successful exploitation allows an attacker to overwrite sensitive configuration files, such as users.txt, leading to full administrative account takeover. This grants the attacker complete control over the application, potential remote code execution, and unauthorized access to all hosted data. The CVSS score of 9.8 reflects the severity of this access control bypass and the potential for total system compromise.
Remediation
Immediate Action: Upgrade FileRise to version 3.16.0 or higher immediately; the fixed release performs proper URL decoding and path validation on upload filenames.
Proactive Monitoring: Review application logs for suspicious upload activity, specifically looking for file names containing URL-encoded characters (e.g., %2f, %2e) or attempts to access restricted directories.
Compensating Controls: Restrict access to shared-folder upload links to known, trusted entities and utilize a WAF to inspect incoming traffic for path traversal patterns.
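An added example, not FileRise's own code, showing the two checks the fix implies (URL-decode the filename before validating it, then confine the resolved path to the shared folder) together with a log heuristic for the monitoring recommendation above; the access-log format, the `name` query parameter and the allowed-extension list are assumptions.

```python
import os
import re
from urllib.parse import unquote

# Added example, not FileRise's own code: decode-then-validate for upload
# names, realpath containment, and the log heuristic the advisory suggests.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.($|[\\/])")
ENCODED_OR_LITERAL = re.compile(r"%2e|%2f|%5c|\.\.[\\/]", re.IGNORECASE)
UPLOAD_ENDPOINT = "/api/folder/uploadToSharedFolder.php"

def fully_decode(name: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded sequences (%252e) are unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return name

def safe_upload_path(base_dir, raw_name, allowed_ext=(".jpg", ".png", ".pdf")):
    """Absolute destination for raw_name, or None if rejected. The extension
    check runs on the decoded name, so an encoded separator or dot-dot cannot
    slip past it; realpath containment inside base_dir is the backstop."""
    name = fully_decode(raw_name)
    if any(c in name for c in "/\\\0") or TRAVERSAL.search(name):
        return None
    if not name.lower().endswith(allowed_ext):
        return None
    base = os.path.realpath(base_dir)
    dest = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, dest]) != base:
        return None
    return dest

def flag_suspicious_uploads(log_lines):
    """Lines hitting the upload endpoint whose request carries encoded or
    literal traversal sequences (the %2f / %2e the advisory points to)."""
    return [ln for ln in log_lines
            if UPLOAD_ENDPOINT in ln and ENCODED_OR_LITERAL.search(ln)]

# Constructed sample access-log lines; format and the `name` query parameter
# are assumptions, adapt the matching to where the real deployment logs names.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "POST /api/folder/uploadToSharedFolder.php?name=report.pdf HTTP/1.1" 200 51',
    '10.0.0.9 - - [01/Jan/2026:10:00:02 +0000] "POST /api/folder/uploadToSharedFolder.php?name=%2e%2e%2f%2e%2e%2fusers.txt HTTP/1.1" 200 51',
    '10.0.0.9 - - [01/Jan/2026:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 1024',
]
```

Legitimate clients rarely percent-encode dots in a bare filename, but treat hits from `flag_suspicious_uploads` as a triage starting point rather than a verdict.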
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability represents a significant risk to the integrity and confidentiality of the FileRise platform. Organizations must treat this as a high-priority update. Ensure that the patch is applied immediately and verify that no unauthorized administrative accounts were created while the system was vulnerable.