Tikit eMarketing Directory Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A directory traversal vulnerability leading to local file inclusion has been identified in the Tikit (now Advanced) eMarketing platform, version 6.8.3.0. It allows remote attackers to read arbitrary files and access sensitive information by sending a crafted value in the filename parameter of the OpenLogFile endpoint.

Impact

Exploitation of this vulnerability allows for arbitrary file read, which could lead to exposure of sensitive information such as database credentials.

Reproduction

The vulnerability can be reproduced by sending an HTTP GET request to the OpenLogFile endpoint with a filename parameter whose value traverses out of the intended directory. For example, on a vulnerable Windows system the hosts file can be read by setting the filename parameter to a traversing path that ends at the hosts file.

Remediation

Users are advised to update to the latest version of the eMarketing platform.
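As an added illustration (this is not code from Tikit/Advanced or from the advisory), the Python below shows the containment check a server-side handler for a filename parameter such as OpenLogFile's needs, and reuses that same check to flag suspicious OpenLogFile requests in access-log lines. The log directory, the simplified access-log format and the sample lines are assumptions constructed for the example.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

LOG_DIR = "/var/app/logs"  # assumed location; the product's real log directory is not given


class TraversalRejected(ValueError): pass  # requested name would leave the log directory


def resolve_log_path(filename: str, log_dir: str = LOG_DIR) -> str:
    """Return the canonical path of a log file inside log_dir, or raise TraversalRejected."""
    decoded = filename
    for _ in range(3):  # undo nested percent-encoding until the value stops changing
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if "\x00" in decoded:
        raise TraversalRejected("null byte in filename")
    decoded = decoded.replace("\\", "/")  # the server is Windows, so backslashes separate too
    if decoded.startswith("/") or (len(decoded) > 1 and decoded[1] == ":"):
        raise TraversalRejected("absolute path not allowed")
    base = posixpath.normpath(log_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if candidate == base or not candidate.startswith(base + "/"):
        raise TraversalRejected("path is not a file inside the log directory")
    return candidate


def flag_traversal_requests(access_log_lines, log_dir: str = LOG_DIR):
    """Return (filename, reason) for OpenLogFile requests whose filename fails the check."""
    flagged = []
    for line in access_log_lines:
        fields = line.split()
        if len(fields) < 2:
            continue
        url = urlsplit(fields[1])
        if not url.path.lower().endswith("/openlogfile"):
            continue
        for name in parse_qs(url.query, keep_blank_values=True).get("filename", []):
            try:
                resolve_log_path(name, log_dir)
            except TraversalRejected as why:
                flagged.append((name, str(why)))
    return flagged


SAMPLE_ACCESS_LOG = [  # constructed "METHOD URL STATUS" lines, not real traffic
    "GET /OpenLogFile?filename=app.log 200",
    "GET /OpenLogFile?filename=..%2F..%2F..%2Fwindows%2Fsystem32%2Fdrivers%2Fetc%2Fhosts 200",
    "GET /OpenLogFile?filename=..%5C..%5Cweb.config 200",
    "GET /index.aspx 200",
]
```

Running `flag_traversal_requests(SAMPLE_ACCESS_LOG)` flags the two traversing requests and leaves the plain `app.log` request alone; the same resolver, placed in the handler, would refuse to open those files in the first place.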

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

  spread          0.0
  impact          3.3
  exploitability  8.7
  remediation     7.7
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.