Display Painéis TGA Path Traversal Vulnerability in Galeria Page Component

A path traversal vulnerability has been identified in Display Painéis TGA versions through 7.1.41. The issue arises in the Galeria Page component, specifically within the '/gallery/rename' functionality. By manipulating the 'current_folder' argument, an attacker can traverse directories and access files outside the intended application folder. This vulnerability could lead to unauthorized renaming, moving, deletion, or overwriting of resources, as well as potential disclosure or corruption of sensitive files.

Impact

Exploitation of this vulnerability allows for arbitrary manipulation of the directory structure, which could result in unauthorized access to, or modification of, sensitive data or system-critical files.

Reproduction

To reproduce this vulnerability, create a folder named 'POC' in the application's gallery. Then, rename an existing file or folder within the gallery. The rename operation will succeed without any restrictions. After that, attempt to traverse directories by renaming with a path that references a parent folder, such as using '../'. The system will successfully rename and move the folder outside of the intended path. Finally, confirm that the traversal allows arbitrary relocation by moving the folder to a different location within the gallery.