lsFusion Path Traversal Vulnerability in DownloadFileRequestHandler
Vulnerability
A path traversal vulnerability has been identified in the lsFusion platform in versions through 6.1. The issue arises in the DownloadFileRequestHandler function, where the version parameter is not properly validated. This flaw allows for arbitrary file read operations by manipulating the version argument. The vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for unauthorized access to arbitrary files on the server, potentially leading to the exposure of sensitive information.
Reproduction
To reproduce this vulnerability, send a request to the '/file/static/noauth' API endpoint without a trailing path, and include a crafted version parameter that takes advantage of the missing path traversal validation. The response will contain the contents of the file specified by the manipulated version parameter, demonstrating the arbitrary file read capability.
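The validation that a version-style parameter needs before it is used to locate a file can be sketched as follows. This is an added example in Java (the language lsFusion is written in), not lsFusion's own code or its fix. The class name `VersionedFileResolver`, the assumption that the handler joins the version value onto a served base directory, and the allowed version syntax are all hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class VersionedFileResolver {
    // Assumption: a legitimate version is a short token of letters, digits, '.', '_' or '-'.
    private static final Pattern VERSION = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,63}");
    private final Path baseDir;

    public VersionedFileResolver(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // canonicalise once for containment checks
    }

    /** Maps a client-supplied version to a file under baseDir, or throws. */
    public Path resolve(String version) throws IOException {
        // 1. Allowlist the syntax: no separators, no '%', no "..".
        if (version == null || version.contains("..") || !VERSION.matcher(version).matches()) {
            throw new SecurityException("rejected version parameter");
        }
        // 2. Resolve, follow symlinks, and confirm the real path is still inside baseDir.
        Path real = baseDir.resolve(version).normalize().toRealPath();
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("version resolves outside the served directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: root/static/1.0.3 is servable, root/secret.txt is not.
        Path root = Files.createTempDirectory("demo");
        Path served = Files.createDirectory(root.resolve("static"));
        Files.writeString(served.resolve("1.0.3"), "asset");
        Files.writeString(root.resolve("secret.txt"), "not for clients");

        VersionedFileResolver resolver = new VersionedFileResolver(served);
        for (String v : new String[] {"1.0.3", "../secret.txt", "..%2Fsecret.txt", root + "/secret.txt"}) {
            try {
                System.out.println("served:   " + resolver.resolve(v).getFileName());
            } catch (SecurityException | IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first constructed input is served. The other three fail the syntax allowlist before any filesystem access, and the real-path containment check remains as a second barrier against symlinks inside the served directory.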
