WebFileSys Directory Traversal Vulnerability in relPath Parameter

Vulnerability

A directory traversal vulnerability has been identified in WebFileSys version 2.31.0. The issue arises in the relPath parameter, where attackers can inject traversal payloads through crafted HTTP requests. This manipulation of file paths may lead to unauthorized access to sensitive files, potentially exposing data outside the intended directory.

Impact

Exploiting this vulnerability lets attackers access files and directories outside the web root, potentially exposing sensitive information.

Reproduction

To reproduce this vulnerability, send a GET request to the WebFileSys servlet with the relPath parameter set to include directory traversal payloads, such as '/../..'. This request should be made while logged into the application, as indicated by the inclusion of a session cookie.
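A server-side containment check for a client-supplied relPath, added here as an illustration of the mitigation; it is not WebFileSys code or the project's fix. The function name, the document root and the sample inputs are assumptions constructed for the example.

```python
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: anything encoded deeper than this is rejected


class TraversalError(ValueError):
    """relPath would resolve outside the document root."""


def resolve_rel_path(doc_root: str, rel_path: str) -> str:
    """Map relPath onto doc_root (absolute POSIX path) or raise TraversalError."""
    # Decode until stable so double-encoded input (%252e%252e) is seen as "..".
    decoded = rel_path
    for _ in range(MAX_DECODE_ROUNDS):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    else:
        raise TraversalError("relPath is encoded too deeply")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in relPath")
    # Treat backslashes as separators, and strip leading slashes so an
    # absolute relPath cannot replace doc_root inside join().
    decoded = decoded.replace("\\", "/").lstrip("/")
    root = posixpath.normpath(doc_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # commonpath compares whole components, so a sibling such as
    # /srv/files/alice2 does not pass as "inside" /srv/files/alice.
    if posixpath.commonpath([root, candidate]) != root:
        raise TraversalError(f"relPath escapes document root: {rel_path!r}")
    # On a real filesystem, also compare os.path.realpath() results so that
    # symlinks inside the root cannot point outside it.
    return candidate


def is_safe(doc_root: str, rel_path: str) -> bool:
    try:
        resolve_rel_path(doc_root, rel_path)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    ROOT = "/srv/files/alice"  # constructed document root
    for sample in ["/docs/report.txt", "/../..", "%2e%2e/%2e%2e/etc/passwd",
                   "/../alice2/notes.txt", "..\\..\\secret"]:  # constructed
        print(f"{sample!r:32} -> {'allow' if is_safe(ROOT, sample) else 'reject'}")
```
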

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.