Daylight Studio FuelCMS Path Traversal Vulnerability in Blocks Module

Vulnerability

A path traversal vulnerability has been identified in the Blocks module of Daylight Studio FuelCMS version 1.5.2. This vulnerability allows authenticated users to read specific PHP files on the server, such as database or configuration files, by exploiting improper sanitization of file names in the Blocks module.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files, including database credentials and FuelCMS configuration information. According to the vulnerability report, if an attacker retrieves valid database credentials, they could access all website information, manipulate admin accounts, and disrupt FuelCMS availability by modifying or deleting critical database components.

Reproduction

To reproduce this vulnerability, an authenticated user must have a role that permits 'POST' requests to the '/fuel/blocks/edit/' endpoint. The user can then upload a new block through the 'Blocks' feature, inserting a crafted file name that exploits the path traversal vulnerability. After the upload, the application prompts the user to 'import' the file's content; if the import succeeds, the file's contents are returned in the application's response.
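The file-name sanitization whose absence is described above, sketched as an added example; it is not FuelCMS code or the vendor's fix. The function name `resolve_block_path`, the `blocks/` and `secret/` directories and all sample names are assumptions constructed for the demo.

```php
<?php
// Added illustration, not FuelCMS code: map a user-supplied block name to a
// file that is guaranteed to sit inside the blocks directory, or return null.
function resolve_block_path(string $blocksDir, string $name): ?string
{
    // Allow-list: path segments of letters, digits, "_" and "-" joined by "/".
    // This excludes ".", "..", backslashes, NUL bytes and absolute paths.
    if (!preg_match('#\A[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*\z#', $name)) {
        return null;
    }

    // Canonicalise both sides; realpath() returns false for missing paths.
    $base = realpath($blocksDir);
    $candidate = realpath($blocksDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $candidate === false) {
        return null;
    }

    // realpath() has followed symlinks, so the canonical path must still
    // start with the canonical base directory plus a separator.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed sample layout in a temp directory (assumed, demo only).
$root = sys_get_temp_dir() . '/blocks_demo_' . bin2hex(random_bytes(4));
mkdir("$root/blocks/sidebar", 0700, true);
mkdir("$root/secret", 0700, true);
file_put_contents("$root/blocks/sidebar/promo.php", '<p>promo</p>');
file_put_contents("$root/secret/config.php", '<?php // credentials');
// A symlink inside blocks/ that points outside it passes the allow-list
// but must fail the containment check.
@symlink("$root/secret/config.php", "$root/blocks/link.php");

$samples = ['sidebar/promo', '../secret/config', 'sidebar/../../secret/config',
            'link', "promo\0", '/secret/config', 'missing'];
foreach ($samples as $name) {
    $path = resolve_block_path("$root/blocks", $name);
    printf("%-34s %s\n", json_encode($name), $path === null ? 'rejected' : 'allowed');
}
```

Only `sidebar/promo` is allowed; every other sample name is rejected, either by the allow-list or by the canonical-path comparison.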

Added: Apr 27, 2026, 5:27 PM
Updated: Apr 27, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 0.6
exploitability: 6.8
remediation: 0.0
relevance: 6.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.