oasys
cpe:2.3:a:oasys_project:oasys:*:*:*:*:*:*:*
- 1.1
A directory traversal vulnerability has been identified in Oasys version 1.1, specifically within the ProcedureController. The issue arises because the application does not properly validate input, allowing attackers to manipulate the URI path to access unauthorized files. By replacing certain path segments with traversal sequences, it is possible to read files outside the intended directory.
Exploitation of this vulnerability allows for arbitrary file read, potentially leading to the disclosure of sensitive information.
To reproduce this vulnerability, send a request to the ProcedureController with a URI path that includes directory traversal sequences, such as '..'. The application will respond by directly outputting the requested file contents to the browser, bypassing any security filters.
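The missing input validation described above comes down to resolving the requested path and confirming it is still inside the intended directory before any file is read. The following is an added example, not Oasys or ProcedureController code: `naive_resolve`, `safe_resolve`, `demo` and the file names are hypothetical, and the requests are constructed samples run against a temporary directory.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(base_dir: str, uri_tail: str) -> str:
    """Flawed pattern: joins the URI segment to the base without any check."""
    return os.path.normpath(os.path.join(base_dir, unquote(uri_tail)))


def safe_resolve(base_dir: str, uri_tail: str) -> str:
    """Return the real path of uri_tail under base_dir, or raise ValueError."""
    rel = unquote(uri_tail)  # decode first, so the check sees what the OS sees
    if "\x00" in rel:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks before the comparison.
    target = os.path.realpath(os.path.join(base, rel.lstrip("/\\")))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target


def demo() -> dict:
    """Run both resolvers over constructed requests in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "attachments")  # hypothetical served directory
        os.mkdir(base)
        open(os.path.join(base, "report.txt"), "w").close()
        open(os.path.join(root, "secret.conf"), "w").close()
        results = {}
        for tail in ("report.txt", "../secret.conf", "%2e%2e/secret.conf"):
            naive = naive_resolve(base, tail)
            try:
                safe_resolve(base, tail)
                verdict = "allowed"
            except ValueError:
                verdict = "rejected"
            # (does the naive result stay under base?, hardened verdict)
            results[tail] = (naive.startswith(base + os.sep), verdict)
        return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(request, outcome)
```

The comparison uses the resolved path rather than a search for `..` in the raw string, so encoded or symlinked variants are judged by where they actually land.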