App needs re-binding to guard against PHP-related security flaw
A recently patched critical vulnerability in BookStack made it possible to push malware onto vulnerable systems simply by accessing the image upload feature.
Exploit scenarios for the remote code execution vulnerability (CVE-2020-5256) in BookStack – an application for building self-hosted wikis – center on where a non-trusted user has permission to upload images into the application.
“A user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely,” an advisory posted on GitHub explains.
“They would then have the permissions of the PHP process.”
The vulnerability is resolved in BookStack version 0.25.5.
Alternatively, developers should prevent the direct execution of any PHP files by applying restrictive web server configuration settings.