taoofagi easegen-admin Path Traversal Vulnerability in Pdf2MdUtil

Vulnerability

A path traversal vulnerability has been identified in the taoofagi easegen-admin application, specifically in versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433. The issue arises in the recognizeMarkdown function within the Pdf2MdUtil.java file, where the fileUrl parameter is not properly validated. This flaw allows remote attackers to manipulate the fileUrl argument to read arbitrary files from the server's filesystem using the file:// protocol. The vulnerability requires authentication to exploit.

Impact

Exploitation of this vulnerability allows for arbitrary file read, which could lead to the disclosure of sensitive information from the server.

Reproduction

To reproduce this vulnerability, an authenticated user can send a POST request to the /admin-api/digitalcourse/courses/docparse endpoint. The request must include an Authorization header with a valid token. The fileUrl parameter can be manipulated to include a file path, such as /etc/passwd, which will be read by the server and returned in the response.
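The missing check the Vulnerability and Reproduction sections describe, written as an added Java example; this is not easegen-admin's code nor the upstream fix, and DocumentUrlValidator / requireRemoteHttpUrl are hypothetical names. It allow-lists the scheme of a fileUrl value before anything is fetched, so file:// (in any casing) and bare filesystem paths are rejected.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example, not easegen-admin code: allow-list validation for a remote
// document URL such as the fileUrl parameter described in the advisory. The
// class and method names are hypothetical.
public final class DocumentUrlValidator {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /**
     * Returns a normalized URI when fileUrl is an absolute http(s) URL with a
     * host, otherwise throws. Allow-listing schemes is what closes the file://
     * read: a deny-list of "file" alone would miss FILE:, jar:file: and so on.
     */
    public static URI requireRemoteHttpUrl(String fileUrl) {
        if (fileUrl == null || fileUrl.isBlank()) {
            throw new IllegalArgumentException("fileUrl is required");
        }
        final URI uri;
        try {
            uri = new URI(fileUrl.trim());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("fileUrl is not a valid URI", e);
        }
        if (!uri.isAbsolute()) {
            // A bare path has no scheme; some loaders resolve it on the local
            // filesystem, so require an explicit scheme.
            throw new IllegalArgumentException("fileUrl must be absolute");
        }
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        if (!ALLOWED_SCHEMES.contains(scheme)) {
            throw new IllegalArgumentException("scheme not allowed: " + scheme);
        }
        if (uri.getHost() == null || uri.getHost().isEmpty()) {
            throw new IllegalArgumentException("fileUrl must name a host");
        }
        return uri.normalize();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one legitimate URL, three that must fail.
        for (String s : new String[] {"https://docs.example.com/lecture.pdf",
                "file:///etc/passwd", "FILE:///etc/passwd", "/etc/passwd"}) {
            try { System.out.println("accepted: " + requireRemoteHttpUrl(s)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + s + " (" + e.getMessage() + ")"); }
        }
    }
}
```

Restricting the scheme closes the local file read, but an http(s) URL can still point at internal hosts, so pair this check with a host allow-list or egress controls on the fetching service.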

Added: Mar 17, 2026, 12:21 AM
Updated: Mar 17, 2026, 12:21 AM

Vulnerability Rating

Custom Algorithm scores (0-10 scale assumed from the values shown):

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.