CmsEasy Path Traversal Vulnerability in Database Administration Library

A critical path traversal vulnerability has been identified in CmsEasy version 7.7.7.9. The issue arises in the database administration library, specifically within the deletedir_action and restore_action functions. This vulnerability allows remote attackers to manipulate input in a way that traverses the file path, potentially leading to unauthorized access to files or directories outside of the intended restrictions. The vulnerability has been publicly disclosed and is accompanied by a proof-of-concept exploit.

Impact

Exploitation of this vulnerability could lead to unauthorized file access, allowing attackers to read sensitive information or manipulate files on the server.

Reproduction

The vulnerability can be reproduced by sending a request to the deletedir_action or restore_action functions in the lib/admin/database_admin.php file. The request must include crafted input that exploits the path traversal flaw, such as using special elements in the pathname to navigate outside of the restricted directory.