givanz Vvveb Path Traversal Vulnerability in Code Editor Component

Vulnerability

A path traversal vulnerability has been identified in givanz Vvveb CMS versions through 1.0.7.3. This issue resides in the Code Editor component, specifically within the 'sanitizeFileName' function of 'system/functions.php'. The vulnerability allows authenticated administrators to read arbitrary files by manipulating the 'file' parameter in the 'loadFile' action. The issue can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability leads to authenticated arbitrary file disclosure.

Reproduction

To reproduce this vulnerability, an authenticated administrator can send a request to the 'loadFile' action of the Code Editor module, manipulating the 'file' parameter to include path traversal sequences. The 'sanitizeFileName' function attempts to filter out such sequences, but the vulnerability can be bypassed using null byte injection. Once the traversal is successful, arbitrary files can be accessed.
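The failure mode described above (a sanitizer that strips traversal sequences from the string, then gets sidestepped by a NUL byte) is avoided by never "cleaning" the name at all: reject NUL bytes, canonicalise the joined path, and check that the result lies inside the editor root. The following is an added illustration in Python, not Vvveb's own code; the root layout, file names and function names are assumptions.

```python
"""Containment check for an editor-style 'loadFile' action (added example)."""
import os
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """Raised when a requested name cannot be served from the editor root."""


def resolve_editor_file(root: str, requested: str) -> Path:
    """Return the canonical path of `requested` inside `root`, or raise."""
    # A NUL byte truncates the name in C-backed filesystem calls, so a name
    # that passed a string filter can be re-interpreted later. Refuse it.
    if "\x00" in requested:
        raise UnsafePath("NUL byte in file name")
    if not requested or Path(requested).is_absolute() or os.path.splitdrive(requested)[0]:
        raise UnsafePath("empty or absolute file name")
    root_real = Path(root).resolve(strict=True)
    # Canonicalise the joined path (collapses '..', follows symlinks) and only
    # then decide; do not try to filter '../' out of the string.
    candidate = (root_real / requested).resolve(strict=False)
    if candidate != root_real and root_real not in candidate.parents:
        raise UnsafePath(f"{requested!r} escapes the editor root")
    return candidate


def is_safe_editor_path(root: str, requested: str) -> bool:
    """True only when `requested` resolves to a location inside `root`."""
    try:
        resolve_editor_file(root, requested)
        return True
    except UnsafePath:
        return False


def demo() -> dict:
    """Constructed sample root (assumed layout); returns a verdict per name."""
    root = tempfile.mkdtemp(prefix="editor_root_")
    (Path(root) / "theme").mkdir()
    (Path(root) / "theme" / "index.html").write_text("<html></html>")
    names = [
        "theme/index.html",             # legitimate editor file
        "theme/../theme/index.html",    # '..' that still stays inside root
        "../../outside.txt",            # traversal out of the root
        "theme/index.html\x00.png",     # NUL byte after a harmless suffix
        "/tmp/outside.txt",             # absolute path
    ]
    return {n: is_safe_editor_path(root, n) for n in names}
```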

Remediation

Users are advised to update to the patched version of Vvveb CMS, which is available on the project's GitHub repository.

Added: Oct 27, 2025, 3:24 AM
Updated: Oct 27, 2025, 3:24 AM

Vulnerability Rating

Custom Algorithm

category        score
spread          0.0
impact          2.5
exploitability  6.1
remediation     7.7
relevance       0.9
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.