Performave Convoy Directory Traversal Vulnerability in LocaleController Component Allowing Remote Code Execution
Vulnerability
A directory traversal vulnerability has been identified in the LocaleController component of Performave Convoy, affecting versions from 3.9.0-rc3 up to, but not including, 4.4.1. This vulnerability allows an unauthenticated remote attacker to exploit the application by sending a specially crafted HTTP request with malicious locale and namespace parameters. Successful exploitation enables the attacker to include and execute arbitrary PHP files on the server.
Impact
Exploitation of this vulnerability allows for remote code execution on the server, giving the attacker full control over the application environment. Additionally, this vulnerability could lead to unauthorized access to sensitive files, such as the .env configuration file, which may contain critical information like database credentials and API keys.
Remediation
Users are advised to upgrade to version 4.4.1 or later. For those unable to upgrade immediately, a temporary workaround involves applying strict Web Application Firewall (WAF) rules to incoming requests targeting the vulnerable endpoints. These rules should validate the 'locale' and 'namespace' parameters to ensure they meet specific criteria.
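The parameter validation described above can be prototyped and replayed against existing access logs before it is enforced in a WAF. The following Python sketch is an added example, not code from Convoy or from this advisory. The allow-list pattern, the `/i18n` path and the log lines are assumptions constructed for illustration, since the advisory does not list the exact criteria or the endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed criteria (the advisory does not spell them out): short names made
# of letters, digits, underscore or hyphen. No dots, slashes or '%' survive,
# so plain, encoded and double-encoded traversal sequences all fail.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")
CHECKED = ("locale", "namespace")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def violations(target):
    """Return sorted names of checked parameters that break the allow-list."""
    bad, seen = set(), set()
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        base = key.split("[", 1)[0]          # locale[] / locale[0] -> locale
        if base not in CHECKED:
            continue
        if key != base or base in seen:      # array syntax or repeated parameter
            bad.add(base)
        seen.add(base)
        if not ALLOWED.fullmatch(value):     # value is already decoded once
            bad.add(base)
    return sorted(bad)

def flag_log_lines(lines):
    """Yield (line_number, violations) for log lines a WAF rule should block."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            found = violations(match.group(1))
            if found:
                yield number, found

# Constructed sample log lines; the path /i18n is a placeholder, not Convoy's route.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /i18n?locale=en&namespace=strings HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "GET /i18n?locale=en&namespace=..%2F..%2Fx HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /i18n?locale=%252e%252e%252fx&namespace=strings HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /i18n?locale=en&locale[]=en&namespace=strings HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /i18n?locale=pt_BR&namespace=auth HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for number, found in flag_log_lines(SAMPLE_LOG):
        print(f"line {number}: rejected parameters {found}")
```

Replaying the pattern over historical logs first shows which legitimate locale and namespace values it would reject, and any past hits are worth reviewing as possible exploitation attempts.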
