handylulu RiteCMS
cpe:2.3:a:ritecms:ritecms:*:*:*:*:*:*:*
- 3.1.0
A directory traversal vulnerability has been identified in the templates component of RiteCMS version 3.1.0. The issue arises from incorrect access control: the server answers HTTP GET requests to directory endpoints within the templates component with a directory listing, which can be navigated to reach files and subdirectories. This allows attackers to bypass access controls and access sensitive files. The vulnerability does not require authentication and can be exploited in private or incognito browsing sessions.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.
To reproduce this vulnerability, send an HTTP GET request to the '/templates/' or '/templates/subtemplates/' directory endpoints. The server will respond with a directory listing that can be navigated to access files and subdirectories. No authentication is required, so the behaviour also reproduces in private or incognito browsing sessions.
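For defenders reviewing whether these endpoints have already been browsed, the following added example (not part of the advisory or of RiteCMS) scans web server access logs for successful GET requests to directory URLs under '/templates/'. It assumes Combined Log Format; the sample log lines, IP addresses and the file name in them are constructed, and a 200 on a directory URL is only a candidate listing response that still needs confirming against the server configuration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed input format: Combined Log Format
#   ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
WATCHED_PREFIX = "/templates/"  # directory endpoints named in the advisory


def directory_hits(lines):
    """Return {client_ip: [paths]} for successful GETs of directory URLs
    (path ends in "/") under /templates/, i.e. candidate listing responses."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        # Drop the query string, decode %xx escapes, collapse repeated slashes.
        raw_path = m["target"].split("?", 1)[0]
        path = re.sub(r"/{2,}", "/", unquote(raw_path))
        if path.startswith(WATCHED_PREFIX) and path.endswith("/"):
            hits[m["ip"]].append(path)
    return dict(hits)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /templates/ HTTP/1.1" 200 1432 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /templates/subtemplates/ HTTP/1.1" 200 988 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /templates/subtemplates/example.tpl HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /templates/?sort=name HTTP/1.1" 200 1432 "-" "curl/8.0"',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /templates/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, paths in directory_hits(SAMPLE_LOG).items():
        print(ip, paths)
```

Once directory listing is disabled for these paths, the same requests should appear in the log with a non-200 status and no longer be reported.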