xbtitFM Path Traversal Vulnerability Allowing Unauthenticated Access to Sensitive System Files
Vulnerability
A path traversal vulnerability has been identified in xbtitFM version 4.1.18. This vulnerability allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Exploitation involves using encoded path traversal characters in HTTP requests to read critical files, such as database configuration or system files.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, including database credentials, which could be used for further attacks such as SQL injection or database exploitation.
Reproduction
To reproduce this vulnerability, send a request to 'nfogen.php' with a crafted 'nfo' parameter that includes encoded path traversal characters. This will bypass the application's path restrictions and allow access to sensitive files like 'settings.php' or 'update.php', which contain database credentials. Once the credentials are obtained, they can be used to access the database and export its contents.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.