ProjeQtor Path Traversal Vulnerability in Log File Viewer

Vulnerability

A path traversal vulnerability has been identified in ProjeQtor versions 7.0 prior to 12.4.4. The issue resides in the log file viewer, specifically in the dynamicDialog.php file. The vulnerability arises because the logname parameter is not validated against directory traversal sequences before it is used to build the file path. This flaw allows an authenticated attacker to supply traversal sequences and read arbitrary .log files on the filesystem that are readable by the web server process.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive log files, which may contain confidential information about the application, its users, or the server environment. Such information could be leveraged to identify and exploit additional vulnerabilities or access sensitive data for further attacks.

Remediation

The application should be updated to version 12.4.4 or later, where this vulnerability has been addressed. Additionally, the log viewer functionality should be restricted so that it does not accept arbitrary path input: only predefined log names should be accepted, and any value containing traversal sequences should be rejected.
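The following is an added illustration of the remediation pattern described above; it is not ProjeQtor's own code, and the log directory, the allowlist of log names and the sample inputs are all constructed for the example. It places the unsafe pattern (user input joined straight into a path) next to a hardened resolver that combines three checks: an allowlist of predefined names, a syntactic check that rules out separators and dots, and a post-normalisation containment check so that a resolved path outside the log directory is never returned.

```python
import os
import re
from typing import Iterable, Optional

# Constructed values for the example: where logs live and which names are valid.
LOG_DIR = "/var/www/app/logs"
ALLOWED_LOGS = frozenset({"projeqtor", "error", "access"})

# A log name may only consist of letters, digits, underscore and hyphen,
# so it can never contain "/", "\\" or "..".
LOG_NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def unsafe_log_path(logname: str) -> str:
    """The flawed pattern: user input is joined into the path unchecked.

    Two things go wrong here: ".." segments are kept as-is, and an absolute
    logname makes os.path.join discard LOG_DIR entirely.
    """
    return os.path.join(LOG_DIR, logname + ".log")


def safe_log_path(
    logname: str,
    log_dir: str = LOG_DIR,
    allowed: Iterable[str] = ALLOWED_LOGS,
) -> Optional[str]:
    """Return the resolved path of a predefined log, or None if rejected."""
    # 1. Only predefined names are accepted at all.
    if logname not in set(allowed):
        return None
    # 2. Defence in depth: even an allowlisted name must be a plain token.
    if not LOG_NAME_RE.match(logname):
        return None
    # 3. Containment: resolve symlinks and ".." and require the result to
    #    stay inside the log directory.
    base = os.path.realpath(log_dir)
    candidate = os.path.realpath(os.path.join(base, logname + ".log"))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def classify_inputs(inputs: Iterable[str]) -> dict:
    """Run the hardened resolver over sample inputs and report accept/reject."""
    return {name: safe_log_path(name) is not None for name in inputs}


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate names and three traversal attempts.
    samples = ["error", "access", "../../../../etc/passwd", "error/../../secret", "/etc/passwd"]
    for name in samples:
        print(f"{name!r:32} unsafe -> {unsafe_log_path(name)}")
        print(f"{'':32} safe   -> {safe_log_path(name)}")
```

The allowlist alone is sufficient to fix the reported issue; the regex and containment checks are kept so that a later change to the allowlist (for instance, loading names from configuration) cannot silently reintroduce traversal.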

Added: Apr 27, 2026, 4:29 PM
Updated: Apr 27, 2026, 4:29 PM

Vulnerability Rating

Custom Algorithm (score per category)

spread: 3.1
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 6.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.