Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Output Messenger Directory Traversal Vulnerability Allowing Arbitrary File Access
Vulnerability
A directory traversal vulnerability has been identified in Output Messenger versions prior to 2.0.63. This vulnerability allows authenticated users to manipulate file paths using '../' sequences to access sensitive files outside the intended directory. Exploitation of this flaw could lead to unauthorized file access, configuration leakage, or even remote code execution by uploading malicious files that are executed by the application.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive files, such as configuration files or user data, and potentially allow for remote code execution if the accessed files are executed as scripts or programs.
Reproduction
To reproduce this vulnerability, an authenticated user can upload files through the Output Messenger Server Manager application. After enabling the output drive feature, files can be uploaded to the server. By replacing the default file name with a directory traversal string, it's possible to navigate to the server's startup directory and execute malicious files.
Remediation
Users are advised to upgrade Output Messenger to version 2.0.63 or later. Instructions for downloading the latest version are available on the Output Messenger website.
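Added example (not Output Messenger's code or the vendor's fix): the vulnerable join pattern the advisory describes next to the strict file-name check an upload handler should apply, run over a constructed set of names. The upload root and sample names are assumptions.

```python
import os
from urllib.parse import unquote

# Assumed upload root for the "output drive" feature (hypothetical path)
UPLOAD_ROOT = "/srv/outputdrive/uploads"

# Constructed sample names: one benign, the rest traversal variants
SAMPLE_NAMES = [
    "report.txt",
    "../../startup/dropped.exe",        # the '../' pattern from the advisory
    "..\\..\\startup\\dropped.exe",     # backslash variant on a Windows server
    "%2e%2e%2fstartup%2fdropped.exe",   # URL-encoded variant
    "..",                               # bare parent component
]

def naive_destination(upload_root, client_filename):
    """The vulnerable pattern: the client-supplied name is joined as-is,
    so '../' sequences walk out of the upload directory."""
    return os.path.normpath(os.path.join(upload_root, client_filename))

def check_upload_name(upload_root, client_filename):
    """Validate a client-supplied file name for an upload into upload_root.
    Returns (destination, None) when accepted or (None, reason) when rejected.
    Strict policy: the client names a file, never a location, so separators,
    traversal components, drive letters and NUL bytes are rejected outright.
    A rejection is also a useful alert, since a normal client never sends them."""
    name = unquote(client_filename)  # fold one layer of %2e%2e%2f-style encoding
    if "\x00" in name:
        return None, "NUL byte in file name"
    if "/" in name or "\\" in name:
        return None, "path separator in file name"
    if name in ("", ".", "..") or ":" in name:
        return None, "empty, dot or drive-qualified name"
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, name))
    # Belt-and-braces containment check after symlink/dot resolution
    if os.path.commonpath([root, dest]) != root:
        return None, "resolved path escapes upload root"
    return dest, None

def triage(upload_root, names):
    """Run the check over a batch of names; returns {name: rejection_reason_or_None}."""
    return {n: check_upload_name(upload_root, n)[1] for n in names}

if __name__ == "__main__":
    for n, reason in triage(UPLOAD_ROOT, SAMPLE_NAMES).items():
        print(f"{n!r}: {'accepted' if reason is None else 'rejected: ' + reason}")
```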
