SeaCMS Information Disclosure Vulnerability in Admin Safe Component

A critical information disclosure vulnerability exists in SeaCMS version 13.1, specifically within the admin_safe.php component located in the /btcoan/ directory. This vulnerability allows authenticated administrators to scan and download the application's source code, as well as any file accessible from the server's root directory.

Impact

Exploitation of this vulnerability allows administrative users to download the entire application source code, access sensitive configuration files from the server, and potentially retrieve files from other applications hosted on the same server. This exposure could lead to further attacks by revealing the application's security mechanisms.

Reproduction

To reproduce this vulnerability, log into the SeaCMS 13.1 admin panel and navigate to the security scanning module located in '/btcoan/admin_safe.php'. Initiate a scan, which will not only identify files but also provide direct download links to their source code. The scanning feature can traverse the server root directory, accessing files from other applications and potentially sensitive server information.

Remediation

To address this vulnerability, restrict file scanning to only display metadata without content access. Implement proper directory isolation to prevent access to files outside the application's directory, add authorization checks for the security scanning feature, and consider removing or restricting the file download capability from this module.