Eptura Archibus Directory Traversal Vulnerability in Database Update Wizard

Vulnerability

A directory traversal vulnerability has been identified in Eptura Archibus versions prior to 2025.01. This issue affects the 'Run Script' and 'Server File' components of the 'Database Update Wizard'. An attacker can exploit this vulnerability by intercepting and modifying requests to the server, particularly the 'c0-param0' and 'c0-param1' variables. This manipulation allows the attacker to bypass folder restrictions and read files on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized file access on the server, allowing attackers to read sensitive information or potentially execute malicious scripts.

Reproduction

To reproduce this vulnerability, access the 'Database Update Wizard' in an affected version of Eptura Archibus. Use the 'Run Script' or 'Server File' features, and intercept the request to the server. Modify the 'c0-param0' and 'c0-param1' variables to include directory traversal sequences. Once the request is sent, the server will respond with the contents of the files specified in the traversal, bypassing any directory restrictions.
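The server-side control that closes this class of bug is a containment check: decode and normalize the path received in the request parameter, join it to the directory the wizard is allowed to read, and refuse the request if the result resolves outside that directory. The example below is added here to illustrate that check; it is not Archibus code and does not describe how the patched version works. It assumes a hypothetical allowed directory (SCRIPT_ROOT) and that 'c0-param0' and 'c0-param1' carry relative file paths, which the advisory above does not state explicitly. It goes slightly beyond the page by also handling URL-encoded, double-encoded and backslash-separated traversal sequences and the sibling-directory prefix trick ("scripts_evil" next to "scripts"), which a plain string-prefix comparison would miss.

```python
"""Containment check for file paths received in request parameters.

Added example for the advisory above; not Eptura Archibus code.
SCRIPT_ROOT and the parameter semantics are assumptions.
"""
import posixpath
from urllib.parse import unquote

# Hypothetical directory the Database Update Wizard is allowed to read from
# (constructed for this example; not a real Archibus path).
SCRIPT_ROOT = "/opt/app/scripts"

# The two request parameters the advisory names as the manipulated inputs.
PATH_PARAMS = ("c0-param0", "c0-param1")


def normalize_user_path(user_path: str) -> str:
    """Decode and canonicalise separators so later checks see the real path.

    Decoding twice catches double-encoded sequences such as %252e%252e;
    backslashes are treated as separators because a Windows host would.
    """
    decoded = user_path
    for _ in range(2):
        decoded = unquote(decoded)
    if "\x00" in decoded:
        # NUL bytes can truncate paths in lower layers; never pass them on.
        raise ValueError("NUL byte in path")
    return decoded.replace("\\", "/")


def resolve_within_root(root: str, user_path: str) -> str:
    """Return the normalised absolute path, or raise PermissionError if it
    would land outside root (lexical check; a production deployment should
    additionally resolve symlinks after confirming the file exists)."""
    if not posixpath.isabs(root):
        raise ValueError("root must be an absolute path")
    rel = normalize_user_path(user_path)
    # Absolute paths (POSIX or drive-letter) are never acceptable user input.
    if posixpath.isabs(rel) or (len(rel) >= 2 and rel[1] == ":"):
        raise PermissionError(f"absolute path rejected: {user_path!r}")
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, rel))
    # commonpath compares whole path components, so "/opt/app/scripts_evil"
    # is correctly seen as outside "/opt/app/scripts".
    if posixpath.commonpath([root_norm, candidate]) != root_norm:
        raise PermissionError(f"path escapes root: {user_path!r}")
    return candidate


def is_within_root(root: str, user_path: str) -> bool:
    """Boolean form of resolve_within_root for callers that only need a verdict."""
    try:
        resolve_within_root(root, user_path)
        return True
    except (PermissionError, ValueError):
        return False


def audit_request_params(params: dict) -> dict:
    """Evaluate the path-carrying parameters of one request.

    Returns {parameter name: True if safe, False if it must be rejected}.
    A request is served only if every present path parameter is safe.
    """
    return {
        name: is_within_root(SCRIPT_ROOT, params[name])
        for name in PATH_PARAMS
        if name in params
    }


if __name__ == "__main__":
    # Constructed sample request: one benign parameter, one traversal attempt.
    sample = {"c0-param0": "update.sql", "c0-param1": "..%2F..%2F..%2Fetc%2Fpasswd"}
    for name, ok in audit_request_params(sample).items():
        print(f"{name}: {'ok' if ok else 'REJECTED'}")
```

The check is deliberately placed at the point where the parameter is turned into a filesystem path, so it applies to both the 'Run Script' and 'Server File' code paths rather than relying on a UI-level folder restriction that a modified request bypasses.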

Added: Jan 13, 2026, 5:33 PM
Updated: Jan 13, 2026, 5:33 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 7.2
remediation: 7.7
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.