GuoMinJim PersonManage Arbitrary File Download Vulnerability

Vulnerability

An arbitrary file download vulnerability exists in the GuoMinJim PersonManage system, specifically in the document query function under the Download Center menu. This vulnerability allows users to download files from arbitrary locations on the server.

Impact

Exploitation of this vulnerability allows for arbitrary file download, which could lead to exposure of sensitive information or system files.

Reproduction

To reproduce this vulnerability, log into the PersonManage system with a root account. Navigate to the Download Center menu and use the document query function to search for documents. Intercept the download request using a tool like Burp Suite. Modify the 'path' field to point to an arbitrary location, such as 'C://Windows', and change the 'filename' field to a specific file, like 'win.ini'. After replaying the modified request, the specified file will be downloaded.

Remediation

It is recommended to restrict file downloads to a designated directory, so that files located elsewhere on the server cannot be retrieved through the download function.
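One way to implement that restriction, as an added example that is not PersonManage's own code: the request's 'path' and 'filename' fields are resolved against a single download root (an assumed path here) and the download is refused whenever the resolved target falls outside that root, which covers the drive-qualified 'C://Windows' case from the reproduction as well as '..' traversal and symlink escapes.

```python
from pathlib import Path
from typing import Optional

# Constructed example: the only directory the document query function should
# serve files from (assumption; not PersonManage's real deployment path).
DOWNLOAD_ROOT = Path("/srv/personmanage/downloads")


def resolve_download(root: Path, path_field: str, filename_field: str) -> Optional[Path]:
    """Map a download request's 'path' and 'filename' fields to a file under root.

    Returns the resolved file path when it lies inside root, or None when the
    request would reach outside it. The caller treats None as a rejected
    download and never opens the file.
    """
    # 'filename' must be a bare name: no separators (either style), no '.' or '..'.
    if (not filename_field or filename_field in (".", "..")
            or "/" in filename_field or "\\" in filename_field):
        return None
    # Treat backslashes as separators so Windows-style input is checked the same way.
    rel = path_field.replace("\\", "/")
    # An absolute path ('/etc') or a drive-qualified one ('C://Windows') is never
    # a legitimate sub-folder of the download root.
    if rel.startswith("/") or (len(rel) > 1 and rel[1] == ":"):
        return None
    base = root.resolve()
    # resolve() collapses '..' components and follows symlinks, so the containment
    # check below sees the real target, not the string the client supplied.
    candidate = (base / rel / filename_field).resolve()
    if candidate != base and base not in candidate.parents:
        return None
    return candidate
```

The function returns only a path; the serving code still opens the file with the application's own permissions checks and should log rejected requests, since a refused 'path' value like 'C://Windows' is a useful detection signal.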

Added: Nov 7, 2025, 4:22 PM
Updated: Nov 7, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.1
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.