iteachyou Dreamer CMS
cpe:2.3:a:iteachyou:dreamer_cms:*:*:*:*:*:*:*
- 4.1.3
A path traversal vulnerability has been identified in iteachyou Dreamer CMS version 4.1.3. The issue lies in the resource retrieval functionality, specifically in the handling of requests for the Ueditor JavaScript file (version 1.4.3.3). Because path input in these GET requests is not properly sanitized, remote attackers can read arbitrary files on the server.
Exploitation could expose sensitive files such as .gitignore or package.json, which may contain credentials, API keys, and other critical information. The same flaw could also be used to enumerate internal directories and the server's file structure.
To reproduce this vulnerability, an authenticated user can navigate to the category editor, where several GET requests are made to fetch resources. By modifying these requests to include path traversal sequences, it is possible to access restricted files outside the intended directory, for example the .gitignore file or other sensitive files elsewhere in the server's directory structure.
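The fix for this class of bug is a containment check on the resolved path before a static resource is served, plus a simple log heuristic for spotting traversal attempts. The code below is an added example, not Dreamer CMS's own code; the directory layout, URL scheme and function names are assumptions.

```python
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Constructed sample tree (hypothetical, not Dreamer CMS's real layout):
# <tmp>/static/ueditor/1.4.3.3/ueditor.all.js is servable,
# <tmp>/.gitignore sits one level above the webroot and must not be.
BASE = Path(tempfile.mkdtemp()) / "static"
(BASE / "ueditor" / "1.4.3.3").mkdir(parents=True)
(BASE / "ueditor" / "1.4.3.3" / "ueditor.all.js").write_text("// js")
(BASE.parent / ".gitignore").write_text("target/\n")

# Traversal sequences as they appear in access logs, raw or percent-encoded.
TRAVERSAL_MARKERS = ("../", "..\\", "%2e%2e", "..%2f", "..%5c", "%00")


def looks_like_traversal(raw_url_path: str) -> bool:
    """Detection heuristic for request logs: flag traversal sequences."""
    lowered = raw_url_path.lower()
    return any(marker in lowered for marker in TRAVERSAL_MARKERS)


def resolve_resource(requested: str, base: Path = BASE) -> Optional[Path]:
    """Map a request path to a file under base; None means refuse to serve."""
    decoded = unquote(requested)                 # single decode, like the server
    if "\x00" in decoded or "\\" in decoded:     # NUL bytes and Windows separators
        return None
    base_real = base.resolve()
    # lstrip keeps an absolute request path from replacing the base directory;
    # resolve() collapses ".." segments and follows symlinks before the check.
    candidate = (base_real / decoded.lstrip("/")).resolve()
    if not candidate.is_relative_to(base_real):  # the containment check
        return None
    relative_parts = candidate.relative_to(base_real).parts
    if any(part.startswith(".") for part in relative_parts):
        return None                              # defence in depth: no dotfiles
    return candidate if candidate.is_file() else None
```

Applying the check to the resolved path rather than to the raw string is what defeats encoded variants; the marker list is only a detection aid for logs.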