School ERP Pro Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A file disclosure vulnerability has been identified in School ERP Pro version 1.0. This vulnerability allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. By supplying directory traversal paths, attackers can access sensitive configuration files to retrieve system credentials and other confidential information.

Impact

Exploitation of this vulnerability leads to unauthorized access to arbitrary files, including sensitive configuration files that may contain system credentials.

Reproduction

To reproduce this vulnerability, send a request to download.php with a crafted 'document' parameter that includes directory traversal sequences. This will bypass normal file access restrictions and allow the retrieval of files outside the intended directory.
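
Added example, not part of the original advisory and not School ERP Pro code: in Python, the containment check a download handler should apply to the 'document' value before opening a file, and a check over constructed access-log lines that flags traversal attempts against download.php (the documents directory, log lines and file names are assumed).

```python
"""Added example (not School ERP Pro code): the containment check a download
handler should make before opening a file, plus a log check that flags
traversal attempts against download.php. Paths and log lines are constructed."""
import os
import re
from urllib.parse import parse_qs, urlparse

def resolve_document(base_dir: str, requested: str):
    """Return the canonical path of the requested file inside base_dir, or
    None when it escapes the directory (../ sequences, absolute paths,
    symlinks). This is the check the vulnerable handler lacks."""
    base = os.path.realpath(base_dir)
    # join() discards base for an absolute 'requested'; realpath() collapses
    # any ../ so the containment test runs on the real target path.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

# Traversal markers, raw or percent-encoded (single and double encoding).
TRAVERSAL = re.compile(r"\.\.[/\\]|%2e%2e|%252e", re.IGNORECASE)

def is_traversal_request(log_line: str) -> bool:
    """True if a logged request targets download.php and its 'document'
    parameter carries a traversal sequence."""
    m = re.search(r'"(?:GET|POST) (\S+)', log_line)
    if not m:
        return False
    url = urlparse(m.group(1))
    if not url.path.endswith("/download.php"):
        return False
    # parse_qs decodes one layer of percent-encoding; the regex catches the rest
    values = parse_qs(url.query, keep_blank_values=True).get("document", [])
    return any(TRAVERSAL.search(v) for v in values)

def flag_traversal(lines):
    """Client IPs of log lines that look like traversal attempts."""
    return [line.split(" ", 1)[0] for line in lines if is_traversal_request(line)]

# Constructed access-log sample: a normal download, two traversal attempts
# (the second percent-encoded), and traversal against an unrelated script.
SAMPLE_LOG = [
    '203.0.113.10 - - [03/Feb/2026:22:40:01 +0000] "GET /download.php?document=report.pdf HTTP/1.1" 200 5120',
    '203.0.113.11 - - [03/Feb/2026:22:40:05 +0000] "GET /download.php?document=../../config.php HTTP/1.1" 200 812',
    '203.0.113.12 - - [03/Feb/2026:22:40:09 +0000] "GET /download.php?document=%2e%2e%2f%2e%2e%2fconfig.php HTTP/1.1" 200 812',
    '203.0.113.13 - - [03/Feb/2026:22:40:12 +0000] "GET /index.php?page=../../x HTTP/1.1" 200 300',
]
```

A handler that calls resolve_document and only serves a non-None result cannot be steered outside the documents directory; the log check is a starting point for alerting on attempts against unpatched installs.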

Added: Feb 3, 2026, 10:40 PM
Updated: Feb 3, 2026, 10:40 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.8
impact: 2.5
exploitability: 9.5
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.