SOUND4 Impact/First/Pulse/Eco Unauthenticated File Disclosure Vulnerability

A file disclosure vulnerability has been identified in SOUND4 IMPACT, FIRST, PULSE, and Eco versions 2.x and below. This vulnerability allows remote attackers to access sensitive system files by manipulating the 'file' GET parameter. The issue arises in the loghandler.php file, where the absence of proper authentication enables unauthorized file access through the PHPTail logging feature.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system information, including files such as the passwd file, which contains user account details.

Reproduction

To reproduce this vulnerability, send a request to the 'loghandler.php' file via the 'file' GET parameter. This can be done using a tool like curl. The request should include a path to a sensitive file on the server, such as '/etc/passwd'. The response will be a JSON object containing the file's contents, which can be formatted for easier reading.