AbanteCart
cpe:2.3:a:abantecart:abantecart:*:*:*:*:*:*:*
- 1.4.2
A directory traversal vulnerability has been identified in AbanteCart version 1.4.2. This vulnerability allows unauthenticated attackers to access sensitive system files by exploiting the template parameter in index.php. By injecting '../' sequences, attackers can traverse outside the intended template directory and retrieve arbitrary files from the web server. This could include critical files such as /etc/passwd, potentially exposing usernames, hashed passwords, private keys, or application secrets.
Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, including user data and application secrets.
To reproduce this vulnerability, send a request to index.php with a crafted template parameter that includes directory traversal sequences. The request should target the page_builder extension and specify a file such as /etc/passwd. The server will respond with the contents of the requested file, demonstrating the successful exploitation of the directory traversal vulnerability.
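For detection, the following added example (not part of the original advisory or of AbanteCart's code) scans web access logs for index.php requests whose template parameter carries the traversal sequences described above. The log lines are constructed, and the combined log format, the function names and the treatment of absolute paths as suspicious are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?template=default HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?template=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Jan/2025:10:00:06 +0000] "GET /index.php?template=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?template=my..theme HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Jan/2025:10:00:11 +0000] "GET /image/logo.png?template=../x HTTP/1.1" 200 300',
]

LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value has a '..' path segment, is an absolute path, or holds a NUL byte."""
    norm = fully_decode(value).replace("\\", "/")
    return ".." in norm.split("/") or norm.startswith("/") or "\x00" in norm

def find_template_traversal(lines):
    """Return (ip, status, decoded template value) for suspicious index.php requests."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs decodes once; fully_decode removes any remaining layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("template", []):
            if is_traversal(value):
                hits.append((m.group("ip"), int(m.group("status")), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in find_template_traversal(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is worth triaging first, since the advisory states that the server responds with the contents of the requested file.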