elecV2 elecV2P Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in elecV2 elecV2P versions through 3.8.3. The issue arises in the /store/:key endpoint, where the URL parameter is passed directly to the path.join function without proper sanitization. An attacker can therefore manipulate the file path to escape the intended directory and access arbitrary files on the server. The vulnerability can be exploited remotely, without authentication, and has been publicly disclosed along with a proof-of-concept exploit that demonstrates its impact by reading the /etc/passwd file.

Impact

Exploitation of this vulnerability allows for arbitrary file reading on the server, confirmed by accessing the /etc/passwd file.

Reproduction

To reproduce this vulnerability, send a GET request to the /store/:key endpoint with a URL-encoded payload that includes '../' sequences. The server will process the request and return the contents of the requested file, bypassing the intended directory restrictions.
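
The unsanitized path.join pattern described above, next to a containment check, as an added example that is not elecV2P's code or part of the original advisory. STORE_DIR, the function names and the sample keys are constructed assumptions, and the route parameter is assumed to be percent-decoded before it reaches the handler.

```javascript
const path = require("node:path");

// Hypothetical store root; the advisory does not give the real directory.
const STORE_DIR = "/srv/app/store";

// Pattern from the advisory: the :key parameter goes straight into path.join.
// join() normalizes "../" segments, so the result can leave STORE_DIR.
function unsafeStorePath(key) {
  return path.posix.join(STORE_DIR, key);
}

// Hardened form (assumed fix, not the project's patch): resolve the key
// against the root, then require the result to stay strictly below it.
function safeStorePath(key) {
  if (typeof key !== "string" || key === "" || key.includes("\0")) return null;
  const root = path.posix.resolve(STORE_DIR);
  const target = path.posix.resolve(root, key);
  const rel = path.posix.relative(root, target);
  // "" is the root itself; ".." or "../x" is outside. Comparing on the
  // relative path avoids the prefix trap where "/srv/app/store-backup"
  // passes a naive startsWith("/srv/app/store") test.
  if (rel === "" || rel === ".." || rel.startsWith("../")) return null;
  return target;
}

// Constructed sample keys as they would appear in the URL.
const SAMPLE_KEYS = [
  "cookie_main",
  "..hidden",
  "..%2Fstore-backup%2Fx",
  "..%2F..%2F..%2F..%2Fetc%2Fpasswd",
];

function evaluateSamples() {
  return SAMPLE_KEYS.map((raw) => {
    const key = decodeURIComponent(raw); // assumed framework decoding
    return { raw, unsafe: unsafeStorePath(key), safe: safeStorePath(key) };
  });
}

console.table(evaluateSamples());
```

The check is lexical; if the store directory can contain symlinks, compare the fs.realpath results of root and target as well.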

Added: Mar 28, 2026, 8:19 PM
Updated: Mar 28, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.