InnoShop Directory Traversal Vulnerability in File Manager API

Vulnerability

A directory traversal vulnerability has been identified in InnoShop versions through 0.4.1. It exists in the FileManager API endpoints and allows an authenticated attacker with admin panel access to traverse the file system. Exploitation enables the attacker to fully map the file system structure, create arbitrary directories, read and delete files, and upload files that can then be moved anywhere in the file system.

Impact

Exploitation of this vulnerability allows extensive file system manipulation, including unauthorized file access and deletion, and execution of uploaded files as PHP scripts, leading to remote code execution.

Reproduction

The vulnerability can be reproduced by sending requests to the FileManager API endpoints with crafted 'base_folder' parameters that include directory traversal sequences. This can be done with tools such as Burp Suite or cURL after obtaining an admin token for authentication.
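The root cause described above is a user-supplied 'base_folder' value being joined onto the file manager's storage root without containment checks. The following PHP snippet is an added example, not InnoShop's own code: it shows the vulnerable join pattern beside a hardened resolver that rejects traversal segments, canonicalises with realpath() (which also resolves symlinks), and refuses any result outside the root. The constant FILE_MANAGER_ROOT, the function names and the sample inputs are assumptions made for this example; the real paths and handler names in InnoShop may differ.

```php
<?php
// Added example (not InnoShop's code). Requires PHP 8+ for str_contains()/str_starts_with().
declare(strict_types=1);

// Assumed storage root for the file manager; InnoShop's actual path may differ.
const FILE_MANAGER_ROOT = '/var/www/innoshop/storage/app/public/files';

/**
 * Vulnerable pattern: the user-controlled value is appended to the root verbatim,
 * so a base_folder of '../../../..' walks out of FILE_MANAGER_ROOT.
 */
function unsafeResolve(string $baseFolder): string
{
    return FILE_MANAGER_ROOT . '/' . $baseFolder;
}

/**
 * Hardened resolver. Returns the canonical path inside the root, or null when the
 * request must be refused (traversal, NUL byte, symlink escape, unresolvable path).
 */
function safeResolve(string $baseFolder): ?string
{
    // Reject NUL bytes and any '..' segment before touching the file system.
    if (str_contains($baseFolder, "\0")) {
        return null;
    }
    $segments = preg_split('#[\\\\/]+#', $baseFolder, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($segments as $segment) {
        if ($segment === '..') {
            return null;
        }
    }

    $root = realpath(FILE_MANAGER_ROOT);
    if ($root === false) {
        return null; // root missing or unreadable: fail closed
    }
    $candidate = $root . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $segments);

    // realpath() returns false for paths that do not exist yet (e.g. a folder that a
    // "create directory" call is about to make), so resolve the existing parent and
    // re-append the final component. Only one not-yet-existing level is allowed.
    $resolved = realpath($candidate);
    if ($resolved === false) {
        $parent = realpath(dirname($candidate));
        if ($parent === false) {
            return null;
        }
        $resolved = $parent . DIRECTORY_SEPARATOR . basename($candidate);
    }

    // Containment check: the canonical path must be the root itself or a descendant.
    // The trailing separator stops '/files2' from matching a root of '/files'.
    if ($resolved !== $root && !str_starts_with($resolved, $root . DIRECTORY_SEPARATOR)) {
        return null; // symlink or traversal escaped the root
    }
    return $resolved;
}

// Illustrative usage in a request handler (constructed input):
$requested = $_GET['base_folder'] ?? '';
$path = safeResolve($requested);
if ($path === null) {
    http_response_code(400);
    exit('invalid base_folder');
}
// $path is now guaranteed to lie under FILE_MANAGER_ROOT and can be passed to the
// directory listing / create / delete / move operations.
```

The same containment check must be applied to every path-taking parameter of the file manager (listing, create, delete, upload and move), not only to 'base_folder'; the move and upload operations are the ones that turn traversal into code execution, so they also need a server-side allow-list of file extensions and storage outside the web root where possible.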

Added: Jun 23, 2025, 12:18 PM
Updated: Jun 23, 2025, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.1
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.