Longjing Technology BEMS API Directory Traversal Vulnerability Allowing Unauthenticated Arbitrary File Download
Vulnerability
A directory traversal vulnerability allowing unauthenticated arbitrary file downloads has been identified in the Longjing Technology BEMS API, specifically in version 1.21. The issue arises in the 'downloads' endpoint, where the 'fileName' parameter is not adequately sanitized. This lack of proper validation enables attackers to manipulate the parameter to access sensitive files outside the intended directory.
Impact
Exploitation of this vulnerability allows for unauthorized access to arbitrary files on the server, including sensitive system files such as '/etc/passwd' and '/etc/shadow'.
Reproduction
To reproduce this vulnerability, send a request to the '/api/downloads' endpoint with a crafted 'fileName' parameter that includes directory traversal sequences (../../) to navigate outside the intended directory. The absence of proper sanitization will allow the download of sensitive files from the server.
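As an added example that is not part of this advisory or the vendor's code, this is the kind of path resolution the 'downloads' endpoint needs: it decodes 'fileName' once, refuses anything that is not a bare file name, and confirms that the canonical path still lies inside the download directory. The directory '/srv/bems/downloads' and the function names are assumptions.

```python
"""Hardened fileName handling for a file-download endpoint (added example)."""
import os
from urllib.parse import unquote

# Constructed value for illustration; the real download directory is not on the page.
DOWNLOAD_DIR = "/srv/bems/downloads"


class UnsafePathError(ValueError):
    """Raised when fileName would resolve outside the download directory."""


def resolve_download_path(base_dir: str, file_name: str) -> str:
    """Map an untrusted fileName to an absolute path inside base_dir, or raise.

    1. Decode percent-encoding once (most frameworks already do this; doing it
       again here also catches a value that was encoded twice).
    2. Accept only a bare file name: any '/' or '..' component is rejected.
    3. Canonicalize both base and candidate (symlinks resolved) and require
       the candidate to remain under the base.
    """
    decoded = unquote(file_name)
    if not decoded or decoded in (".", "..") or decoded != os.path.basename(decoded):
        raise UnsafePathError(f"rejected fileName: {file_name!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"fileName escapes download directory: {file_name!r}")
    return candidate


def safe_to_serve(base_dir: str, file_name: str) -> bool:
    """Boolean wrapper for request handlers and tests."""
    try:
        resolve_download_path(base_dir, file_name)
        return True
    except UnsafePathError:
        return False


def looks_like_traversal(file_name: str) -> bool:
    """Cheap detection signal for request logs: traversal sequences or an absolute path."""
    decoded = unquote(file_name)
    return "../" in decoded or "..\\" in decoded or decoded.startswith(("/", "\\"))
```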
