Follett Software Destiny Library Manager
- 22_0_2_rc1
A directory traversal vulnerability has been identified in Follett Software's Destiny Library Manager version 22_0_2_rc1, allowing remote attackers to read arbitrary system and application files. The vulnerability arises in the '/passthrough' endpoint, which accepts an 'image' parameter. The endpoint fails to properly sanitize traversal sequences, enabling attackers to manipulate the parameter and access sensitive files on the server.
Exploitation of this vulnerability allows for unauthenticated local file inclusion, where an attacker can read files from the server's file system. This could potentially lead to the disclosure of sensitive information or configuration files.
To reproduce this vulnerability, send a GET request to the '/passthrough' endpoint with the 'image' parameter. Append a traversal sequence to the parameter value, such as '..%5c', followed by the path of a file you wish to access, like 'c:\windows\win.ini'. The server will respond with the contents of the requested file.
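Because the request shape is fixed (a GET to '/passthrough' with an 'image' value carrying encoded traversal sequences), the attempts are straightforward to spot in web server access logs. The following detection routine is an added example for defenders, not Follett code: it decodes the parameter until stable so single- and double-encoded '..' segments are both caught, and runs over constructed combined-log lines.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines in combined-log style (not from a real system).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /passthrough?image=logo.png HTTP/1.1" 200 512
10.0.0.9 - - [01/Mar/2024:10:00:02 +0000] "GET /passthrough?image=..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 92
10.0.0.9 - - [01/Mar/2024:10:00:03 +0000] "GET /passthrough?image=%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 200 92
10.0.0.7 - - [01/Mar/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
# A '..' path segment bounded by a separator or the string edge (backslashes are normalised first).
DOTDOT_RE = re.compile(r'(^|/)\.\.(/|$)')
DRIVE_RE = re.compile(r'^[A-Za-z]:')

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded forms (%252e -> %2e -> .) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(image_param: str) -> bool:
    """True if the decoded 'image' value escapes its directory: '..' segment, absolute path or drive letter."""
    decoded = fully_decode(image_param).replace("\\", "/")
    return bool(DOTDOT_RE.search(decoded)) or decoded.startswith("/") or bool(DRIVE_RE.match(decoded))

def find_passthrough_traversals(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, raw_image_value) per suspicious /passthrough request; the query is split
    by hand so the still-encoded value survives for the alert."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != "/passthrough":
            continue
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if key == "image" and is_traversal(raw):
                hits.append((line.split(" ", 1)[0], raw))
    return hits

if __name__ == "__main__":
    for ip, value in find_passthrough_traversals(SAMPLE_LOG):
        print(f"ALERT traversal attempt from {ip}: image={value}")
```

A 200 response on such a request, as in the sample lines, is the strongest indicator that the unpatched behaviour is present; after upgrading or enabling the updated FSSA, the same requests should no longer return file contents.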
Users can update to Follett Destiny Library Manager version 22.5 AU1 or later to address this vulnerability. For those who have not yet patched, Follett has updated the Follett Software Security Agent (FSSA) to prevent this attack.