Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Bludit Backup Plugin Authenticated Arbitrary File Download Vulnerability

Vulnerability

A vulnerability exists in Bludit versions prior to 3.13.1 within the Backup Plugin, allowing authenticated users to download arbitrary files. This issue arises from improper validation of file path parameters, enabling directory traversal attacks to access sensitive system files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.

Reproduction

To reproduce this vulnerability, log into a Bludit site running a version prior to 3.13.1. Once logged in, navigate to the Backup Plugin's download feature. By manipulating the file path parameters to include directory traversal sequences, it is possible to access and download arbitrary files from the server, including sensitive system files.

Remediation

Users are advised to update Bludit to version 3.13.1 or later, where this vulnerability has been addressed.
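The root cause described above is a file-path parameter that is joined onto a download directory without being validated, so traversal sequences escape that directory. The following added example is not Bludit's code and not the fix shipped in 3.13.1; it contrasts the flawed concatenation pattern with a hardened resolver (allow-listed filename, percent-decoding before checks, NUL rejection, and a realpath containment check that also handles the prefix-collision case), and adds a small check over constructed web-server log lines that flags traversal attempts for detection. The directory `/srv/example-cms/backups`, the endpoint `/admin/backup-download?file=`, and the log lines are all assumed placeholders, not values from the page.

```python
"""Added example (not Bludit's code): safe resolution of a user-supplied backup
filename against a fixed download directory, plus a traversal check over log
lines. The directory, endpoint and log lines below are constructed placeholders."""
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Assumed download directory; the real backup path is not stated on the page.
BACKUP_DIR = "/srv/example-cms/backups"


def unsafe_resolve(base_dir: str, requested: str) -> str:
    """The flawed pattern: join the request onto the base directory with no
    validation. Shown only for contrast; '..' components in `requested` walk
    out of `base_dir`, and an absolute `requested` replaces it entirely."""
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return an absolute path inside base_dir, or None if the request would
    leave it. Decodes twice so double-encoded separators are seen, rejects
    NUL bytes, allow-lists a single plain filename component, and finally
    confirms containment on resolved paths (commonpath, not a string prefix,
    so '/srv/x' does not accept '/srv/x2/...')."""
    name = unquote(unquote(requested))
    if not name or "\x00" in name:
        return None
    # One path component only: no '/', '\\', or anything outside the allow-list.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name) or name in (".", ".."):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # Defence in depth: even a symlinked entry must resolve under the base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def has_traversal(path: str) -> bool:
    """True if the request path carries a traversal sequence in raw, singly
    or doubly percent-decoded form."""
    for form in (path, unquote(path), unquote(unquote(path))):
        low = form.lower()
        if "../" in low or "..\\" in low or "%2e%2e" in low:
            return True
    return False


# Constructed access-log lines (hypothetical endpoint and parameter name).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Dec/2025:23:46:01 +0000] "GET /admin/backup-download?file=site-2025-12-17.zip HTTP/1.1" 200 8812',
    '203.0.113.5 - - [17/Dec/2025:23:46:09 +0000] "GET /admin/backup-download?file=../../../../etc/passwd HTTP/1.1" 200 1312',
    '198.51.100.7 - - [17/Dec/2025:23:47:30 +0000] "GET /admin/backup-download?file=..%252F..%252Fplaceholder-config.php HTTP/1.1" 200 900',
]


def flag_traversal(log_lines: List[str]) -> List[str]:
    """Return the log lines whose request target contains a traversal sequence."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if m and has_traversal(m.group(1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("flawed :", unsafe_resolve(BACKUP_DIR, "../../etc/passwd"))
    print("safe   :", safe_resolve(BACKUP_DIR, "../../etc/passwd"))
    print("safe   :", safe_resolve(BACKUP_DIR, "site-2025-12-17.zip"))
    for hit in flag_traversal(SAMPLE_LOG):
        print("flagged:", hit)
```

The allow-list is the primary control; the `commonpath` check is a second, independent guard so that a future change to the allow-list (or a symlink dropped into the directory) cannot silently reopen the traversal. The log check decodes twice because a single decode misses `%252F`-style double encoding.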

Added: Dec 17, 2025, 11:46 PM
Updated: Dec 17, 2025, 11:46 PM

Vulnerability Rating (Custom Algorithm)

Category        Score
spread          2.2
impact          2.5
exploitability  7.1
remediation     7.7
relevance       1.4
threat          8.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.