Whistle Path Traversal Vulnerability in Version 2.9.98
Vulnerability
A path traversal vulnerability has been identified in Whistle version 2.9.98. The issue arises in the file '/cgi-bin/sessions/get-temp-file', where the 'filename' parameter is not properly sanitized. This lack of input validation allows unauthenticated users to manipulate the parameter and access arbitrary files on the server. For example, exploiting this vulnerability with a request for '/etc/passwd' successfully returns the contents of that file, indicating a significant risk of unauthorized information disclosure.
Impact
Exploitation of this vulnerability allows for unauthorized access to files outside the intended directory, potentially leading to information disclosure or further attacks.
Reproduction
The vulnerability can be reproduced by sending a request to the '/cgi-bin/sessions/get-temp-file' endpoint with a crafted 'filename' parameter that includes a directory traversal payload. The server's response will reveal the contents of the requested file, demonstrating the successful exploitation of the path traversal vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.