SimStudioAI Sim Path Traversal Vulnerability Allowing Arbitrary File Deletion
Vulnerability
A path traversal vulnerability has been identified in SimStudioAI Sim versions through commit ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. The 'filePath' argument is not properly validated before use, so manipulating it allows arbitrary file deletion. The issue can be exploited remotely.
Impact
Exploitation of this vulnerability allows for arbitrary file deletion, which could be used to remove critical system or application files, potentially causing application malfunctions or system instability.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/api/files/delete' endpoint with a 'filePath' value that includes path traversal sequences. This request must be made with an authenticated session.
Remediation
Users are advised to update to the latest version of SimStudioAI Sim, where this vulnerability has been patched.
