Dibo Data Decision-Making System Path Traversal Vulnerability in Download Function

Vulnerability

A path traversal vulnerability has been identified in Dibo Data Decision-Making System versions up to and including 2.7.0. The issue arises in the `downloadImpTemplet` function within the file `/common/dep/common_dep.action.jsp`. The `filePath` argument is used to locate the file to be downloaded without any validation, so a caller can supply directory traversal sequences and read arbitrary files that are readable by the application process. The vulnerability is exploitable remotely over HTTP.

Impact

Exploitation of this vulnerability allows arbitrary file read, which can expose sensitive server-side files such as the application's deployment descriptor (`/WEB-INF/web.xml`, the file named in the reproduction steps) and other configuration files, including any credentials stored in them.

Reproduction

To reproduce this vulnerability, send a GET request to `/common/dep/common_dep.action.jsp` with the `action` parameter set to `downloadImpTemplet`. Include a `filePath` value that traverses out of the intended template directory to a file elsewhere on the server, such as `/WEB-INF/web.xml`. The `fileName` parameter can be set to any value, as it is not validated. A 200 response whose body is the contents of the requested file confirms the read.
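The following is an added example, not code from the advisory or from the Dibo product. It shows the check that the `downloadImpTemplet` handler described above is missing (an unvalidated concatenation beside a hardened resolver that decodes, normalises and enforces a base-directory prefix), and reuses that same check to flag exploitation attempts in web-server access logs matching the request pattern from the reproduction steps. The template directory `TEMPLATE_DIR`, the log format, the sample log lines and all function names are constructed assumptions for illustration; the real handler's code and directory layout are not shown in the advisory.

```python
"""Added example, not code from the advisory or from the Dibo product: it shows the
validation the downloadImpTemplet handler is missing, and reuses that check to flag
exploitation attempts in web-server access logs. The template directory, the log
format and the log lines are constructed assumptions for illustration."""
import posixpath
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed location of the import templates; the real directory is not named in the advisory.
TEMPLATE_DIR = "/opt/dibo/webapps/ROOT/templates/import"
VULN_PATH = "/common/dep/common_dep.action.jsp"
VULN_ACTION = "downloadImpTemplet"


def unsafe_resolve(base_dir: str, file_path: str) -> str:
    """Mirrors the flaw in spirit: the caller's value is glued onto the base directory
    with no validation, so '../' segments walk out of it. (How the real handler builds
    the path is not shown in the advisory.)"""
    return posixpath.normpath(base_dir + "/" + file_path)


def safe_resolve(base_dir: str, file_path: str) -> Optional[str]:
    """Hardened form: decode, reject obviously hostile input, normalise, and refuse any
    result outside base_dir. Returns the absolute path to serve, or None to reject."""
    decoded = file_path
    for _ in range(3):  # collapse double/triple URL encoding such as %252e%252e
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    # A template name is a relative path: absolute paths, backslashes and NUL are never valid.
    if decoded.startswith("/") or "\\" in decoded or "\x00" in decoded:
        return None
    base = base_dir.rstrip("/")
    candidate = posixpath.normpath(base + "/" + decoded)
    # Prefix check on the normalised path: any '..' segments have already been folded in.
    if not candidate.startswith(base + "/"):
        return None
    return candidate


# Constructed access-log lines (Apache-style): two traversal attempts from one client,
# one legitimate template download, and one unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Sep/2025:18:20:01 +0000] "GET /common/dep/common_dep.action.jsp?action=downloadImpTemplet&filePath=../../WEB-INF/web.xml&fileName=x HTTP/1.1" 200 1843
203.0.113.7 - - [26/Sep/2025:18:20:02 +0000] "GET /common/dep/common_dep.action.jsp?action=downloadImpTemplet&filePath=%2e%2e%2f%2e%2e%2fWEB-INF%2fweb.xml&fileName=x HTTP/1.1" 200 1843
198.51.100.4 - - [26/Sep/2025:18:21:10 +0000] "GET /common/dep/common_dep.action.jsp?action=downloadImpTemplet&filePath=user_import.xlsx&fileName=user_import.xlsx HTTP/1.1" 200 9120
198.51.100.4 - - [26/Sep/2025:18:21:11 +0000] "GET /index.jsp HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_access_log(log_text: str) -> list:
    """Return one finding per request that hits the vulnerable action with a filePath the
    hardened check would reject. A 200 status means the file read most likely succeeded."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != VULN_PATH:
            continue
        params = parse_qs(url.query)  # parse_qs already applies one round of URL decoding
        if params.get("action", [""])[0] != VULN_ACTION:
            continue
        file_path = params.get("filePath", [""])[0]
        if safe_resolve(TEMPLATE_DIR, file_path) is not None:
            continue  # stays inside the template directory: benign download
        findings.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "filePath": file_path,
            "status": int(m.group("status")),
            "likely_success": m.group("status") == "200",
        })
    return findings


if __name__ == "__main__":
    print("unsafe:", unsafe_resolve(TEMPLATE_DIR, "../../WEB-INF/web.xml"))
    print("safe:  ", safe_resolve(TEMPLATE_DIR, "../../WEB-INF/web.xml"))
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

The detection deliberately reuses `safe_resolve` rather than grepping for `../`: a single decoding pass, a bare absolute path, or a double-encoded `%252e` would slip past a literal match, whereas anything that fails the hardened resolver is by construction a request the patched handler would also refuse.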

Added: Sep 26, 2025, 6:20 PM
Updated: Sep 26, 2025, 6:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 8.7
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.