SOPlanning
cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*
- 1.53.00
A directory traversal vulnerability has been identified in SOPlanning version 1.53.00, specifically within the file upload process. The issue arises in 'process/upload.php', where the 'fichier_to_delete' parameter allows authenticated attackers to manipulate file paths using directory traversal sequences. Exploitation can lead to the deletion of arbitrary files outside the designated upload directory, potentially disrupting application functionality or causing denial-of-service conditions.
Exploitation of this vulnerability allows for the deletion of any file on the server, including critical system files and application data. Such actions could disrupt service, cause data loss, or facilitate further exploitation of the system.
To reproduce this vulnerability, an authenticated user can send a POST request to 'process/upload.php' with the 'fichier_to_delete' parameter. The request should include directory traversal sequences to navigate outside the intended upload directory and specify a target file for deletion. The absence of proper input validation in this parameter allows for the successful removal of files from the server.
Users are advised to update to the latest version of SOPlanning, as the development team has released a patch for this vulnerability.
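The missing validation described above can be illustrated with a delete routine that checks the resolved path before removing anything. This is an added example, not SOPlanning's code or its patch: the function name `safeDeleteUpload`, the flat upload directory layout and the sample file names are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not SOPlanning code): delete one file from a flat upload
// directory, refusing any name that resolves outside that directory.
function safeDeleteUpload(string $uploadDir, string $requested): bool
{
    // Accept a bare file name only: no separators, no NUL byte, no dot entries.
    if ($requested === '' || $requested === '.' || $requested === '..'
        || strpbrk($requested, "/\\\0") !== false) {
        return false;
    }
    $base = realpath($uploadDir);
    if ($base === false) {
        return false; // upload directory does not exist
    }
    // realpath() resolves '..' and symlinks and returns false for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Containment check on the resolved path, so a symlink placed inside the
    // upload directory cannot redirect the delete elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed demo in a throwaway temp directory (all names are sample values).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sop_demo_' . bin2hex(random_bytes(4));
$upload = $root . DIRECTORY_SEPARATOR . 'upload';
$config = $root . DIRECTORY_SEPARATOR . 'config.inc';
mkdir($upload, 0700, true);
file_put_contents($upload . DIRECTORY_SEPARATOR . 'report.pdf', 'sample');
file_put_contents($config, 'sample');

foreach (['../config.inc', '..\\config.inc', 'report.pdf', 'report.pdf'] as $name) {
    printf("%-16s => %s\n", $name, safeDeleteUpload($upload, $name) ? 'deleted' : 'refused');
}
printf("config.inc still present: %s\n", var_export(is_file($config), true));

// Remove the demo files.
unlink($config);
rmdir($upload);
rmdir($root);
```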