SourceCodester Client Database Management System Directory Traversal Vulnerability

Vulnerability

A critical directory traversal vulnerability has been identified in SourceCodester Client Database Management System version 1.0. This vulnerability allows remote attackers to access restricted directories and files, potentially leading to unauthorized database access, sensitive data leakage, data manipulation, and in severe cases, complete system control or service disruption.

Impact

Exploitation of this vulnerability could result in unauthorized access to the database, allowing attackers to modify or delete data, access sensitive information, or disrupt services.

Reproduction

The vulnerability can be reproduced by requesting the '/cdm/database/', '/cdm/build/', or '/cdm/uploads/' directories. This can be done by sending a request that includes directory traversal sequences which resolve to these paths.

Remediation

To address this vulnerability, it is recommended to implement whitelisting for allowed file paths, normalize and validate file paths to ensure they remain within intended directories, and avoid using user input directly in file paths.
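As an added illustration of the remediation above (example code, not from the SourceCodester project): a server-side check that canonicalises a user-supplied file name under a fixed upload root and rejects anything that escapes that root or is not an allowed file type. The root path and the extension allowlist are assumed values chosen for the example; the same logic applies in PHP using realpath() before any file is opened.

```python
import os
from typing import Optional

# Assumed deployment paths for this example (not taken from the advisory):
# the directory under which every user-referenced file must stay.
UPLOAD_ROOT = os.path.realpath("/var/www/cdm/uploads")

# Allowlist of file types the application is meant to serve from that root.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg"}


def resolve_upload_path(user_supplied: str, root: str = UPLOAD_ROOT) -> Optional[str]:
    """Return the canonical path for a user-supplied file name, or None if it
    would escape the root or is not an allowed file type.

    The value is expected to be already URL-decoded by the web layer. It is
    treated as a name relative to the root: joined, canonicalised (which
    collapses '..' segments and resolves symlinks), then checked to still lie
    inside the root. The canonical path is what the caller opens, never the
    raw input.
    """
    if not user_supplied or "\x00" in user_supplied:
        return None
    # Drop any leading separators so the join cannot be overridden by an
    # absolute path in the input.
    relative = user_supplied.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath raises ValueError for paths on different drives or of
    # mixed absolute/relative form; treat that as "not inside".
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:
        return None
    # Reject escapes and a reference to the root directory itself
    # (directory listings are not something this endpoint should serve).
    if not inside or candidate == root:
        return None
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    return candidate
```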

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.