i-doit CMDB
cpe:2.3:a:i-doit:i-doit:*:*:*:*:*:*:*
- <= 1.12
An arbitrary file download vulnerability has been identified in i-doit CMDB version 1.12. This vulnerability allows authenticated attackers to download sensitive files by manipulating the 'file' parameter in 'index.php'. Attackers can send GET requests with 'file_manager=image' and specify arbitrary file paths, such as 'src/config.inc.php', to access configuration files and sensitive system data.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files, including configuration files and other critical system data.
To reproduce this vulnerability, send a GET request to 'index.php' with the 'file_manager' parameter set to 'image' and the 'file' parameter set to an arbitrary file path, such as 'src/config.inc.php'. This can be done using a web browser or a tool like cURL or Postman. The request must include a valid session cookie, because the vulnerability is only reachable by an authenticated user.
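The request pattern described above can be hunted for in web server access logs. The Python script below is an added example, not part of the original advisory or of i-doit's code. It assumes common/combined log format and an allowlist of image extensions chosen for illustration, and its log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate image requests end in one of these extensions.
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".bmp", ".ico", ".webp")
# Request line of a common/combined access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_file_value(value):
    """Return a reason if the 'file' value does not look like an image, else None."""
    # Decode once more so double-encoded values are normalised before checking.
    decoded = unquote(value).replace("\\", "/")
    if ".." in decoded.split("/"):
        return "path traversal sequence"
    if decoded.startswith("/"):
        return "absolute path"
    if not decoded.lower().endswith(IMAGE_EXTS):
        return "non-image file type"
    return None


def scan(lines):
    """Yield (line_number, file_value, reason) for each flagged request."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if not url.path.endswith("index.php") or "image" not in query.get("file_manager", []):
            continue
        for value in query.get("file", []):
            reason = suspicious_file_value(value)
            if reason:
                yield number, value, reason

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?file_manager=image&file=logo.png HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?file_manager=image&file=src/config.inc.php HTTP/1.1" 200 2048',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?file_manager=image&file=src%2Fconfig.inc.php HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value, reason in scan(SAMPLE_LOG):
        print(f"line {number}: file={value!r} flagged ({reason})")
```

A 200 response to a flagged request on an affected version (<= 1.12) is worth correlating with the session that issued it, since the advisory states the request must be authenticated.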