WuKongOpenSource WukongCRM Information Exposure Vulnerability in API Response Handler
Vulnerability
A system path disclosure vulnerability exists in WuKongOpenSource WukongCRM version 11.0, specifically within the API Response Handler component. The vulnerability is located in the '/adminFile/upload' endpoint, where the application improperly configures the Data Transfer Object (DTO) layer. This misconfiguration allows the full entity object to be sent to the frontend, exposing sensitive information such as the absolute file storage path on the server. This information leakage can provide attackers with insights into the server's file structure, potentially leading to further exploitation.
Impact
The vulnerability allows for unauthorized information disclosure, revealing sensitive server-side details that could aid in crafting additional attacks. Exploitation of this vulnerability could also facilitate path traversal, arbitrary file read, or local file inclusion attacks, especially if combined with other existing vulnerabilities.
Reproduction
To reproduce this vulnerability, upload a file through the '/adminFile/upload' endpoint. The response will include the absolute file path of the uploaded file on the server, demonstrating the information exposure.
Remediation
It is recommended to implement a proper DTO layer that filters out sensitive information, such as absolute file paths, from API responses. Only non-sensitive data should be returned to clients.
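The remediation above, sketched as an added example (not WukongCRM's own code): the upload handler maps its stored entity to a response DTO that allowlists fields, and a regression check confirms the storage path never reaches the response. All class, field and route names and the storage root are hypothetical, and `toString()` stands in for the JSON serializer.

```java
// Added example; names are hypothetical, not taken from WukongCRM. Requires Java 16+ (records).
public class UploadResponseExample {

    // Constructed storage root for the demo.
    static final String STORAGE_ROOT = "/opt/crm/upload";

    // Persistence entity: everything the server stores about the file,
    // including the absolute path that must stay server-side.
    record FileEntity(long fileId, String name, long size, String absolutePath) {}

    // Response DTO: an explicit allowlist of what the client needs.
    record FileUploadResponse(long fileId, String name, long size, String url) {}

    // Copy allowlisted fields only; the client receives an opaque,
    // id-based reference (hypothetical route) instead of a filesystem path.
    static FileUploadResponse toResponse(FileEntity e) {
        String n = e.name();
        // Drop any directory part (either separator style) from the display name.
        String base = n.substring(Math.max(n.lastIndexOf('/'), n.lastIndexOf('\\')) + 1);
        return new FileUploadResponse(e.fileId(), base, e.size(), "/files/" + e.fileId());
    }

    // Regression check: the rendered response must not reveal the storage root.
    // toString() is a stand-in for the serialized JSON body.
    static boolean leaksStoragePath(Object response) {
        return response.toString().contains(STORAGE_ROOT);
    }

    public static void main(String[] args) {
        FileEntity entity = new FileEntity(42L, "report.pdf", 1024L,
                STORAGE_ROOT + "/2024/01/3f9a_report.pdf");

        // Returning the entity itself is the flawed pattern: absolutePath is exposed.
        System.out.println("entity leaks path: " + leaksStoragePath(entity));

        // Returning the DTO keeps the path server-side.
        FileUploadResponse resp = toResponse(entity);
        System.out.println(resp);
        if (leaksStoragePath(resp)) {
            throw new IllegalStateException("upload response exposes storage path");
        }
    }
}
```

A check like `leaksStoragePath` fits in an integration test against the real upload response, so a later change that returns the entity again fails the build.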
