OpenKM Local File Inclusion Vulnerability in Administrative Scripting Interface

A local file inclusion vulnerability has been identified in OpenKM versions 6.3.12 and prior, within the administrative scripting interface. This vulnerability allows authenticated administrators to read arbitrary files by providing a custom filesystem path through the fsPath parameter, with the action set to Load. Exploitation of this vulnerability could lead to unauthorized access to sensitive files such as the /etc/passwd file, configuration files containing database credentials, and JVM keystores accessible to the OpenKM process.

Impact

Successful exploitation allows for the reading of arbitrary files, potentially leading to the disclosure of sensitive information such as user credentials, database connection details, and other confidential data stored in accessible files.

Reproduction

To reproduce this vulnerability, log into the OpenKM administrative account and navigate to the Scripting interface. Once there, use the file loading functionality to specify a filesystem path that points to a sensitive file, such as /etc/passwd. After submitting the request, the contents of the specified file will be displayed, demonstrating the local file inclusion vulnerability.