Baowzh Hfly Path Traversal Vulnerability in Download Function
Vulnerability
A path traversal vulnerability has been identified in Baowzh Hfly versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c. The issue arises in the download function of the file '/admin/index.php/datafile/download', where improper validation of the 'filename' parameter allows remote attackers to traverse directories and access arbitrary files on the server. This vulnerability could lead to the exposure of sensitive information such as configuration files, passwords, or keys.
Impact
Exploitation of this vulnerability allows for arbitrary file reading on the server, which could include sensitive information such as configuration files, passwords, or cryptographic keys.
Reproduction
To reproduce this vulnerability, send a request to the '/admin/index.php/datafile/download' endpoint with a manipulated 'filename' parameter that includes path traversal sequences. This will bypass the application's file access restrictions and allow the download of arbitrary files from the server.
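As an added illustration (not Hfly's own code, which this advisory does not show), here is a download handler of the shape described above: the unsafe pattern that joins the user-supplied 'filename' straight onto a base directory, beside a hardened version that rejects separator characters and then confirms the canonical path still lies inside a fixed data directory. The directory DATA_DIR and the function names are assumptions.

```php
<?php
// Added example, not Hfly's own code. DATA_DIR is an assumed location.
define('DATA_DIR', '/var/www/app/data');

// Unsafe pattern: the user-controlled 'filename' is joined to the base
// directory without normalisation, so "../" segments escape DATA_DIR.
function download_unsafe(string $filename): ?string
{
    $path = DATA_DIR . '/' . $filename;
    return is_file($path) ? $path : null;
}

// Hardened version: resolve the path, then require that it is still inside
// the canonical data directory. realpath() also follows symlinks, so a link
// inside DATA_DIR that points elsewhere is rejected too.
function download_safe(string $filename): ?string
{
    // Only a bare file name is acceptable: no slashes, backslashes, NUL
    // bytes or empty name. Checked before the filesystem is touched.
    if ($filename === '' || strpbrk($filename, "/\\\0") !== false) {
        return null;
    }
    $base = realpath(DATA_DIR);
    $path = realpath(DATA_DIR . DIRECTORY_SEPARATOR . $filename);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the canonical path must begin with base + separator.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Serve the validated file as an attachment; basename() keeps the
// download name free of any directory component.
function send_file(string $path): void
{
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

$path = download_safe($_GET['filename'] ?? '');
if ($path === null) {
    http_response_code(400);
    exit('Invalid file name');
}
send_file($path);
```

Requests rejected by download_safe() are worth logging with the raw 'filename' value, since traversal sequences in that parameter are a cheap detection signal for this class of bug.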
