Path Traversal via Files Manager in microweber/microweber

Valid

Reported on

Jun 1st 2022


Description

Please enter a description of the vulnerability.

Steps to reproduce

1.Login to admin panel and go to Modules -> Files (http://localhost/microweber/admin/view:modules/load_module:files)

2.Click any file, the url will have the following format: http://localhost/microweber/admin/view:modules/load_module:files#select-file=http://localhost/microweber/userfiles/media/default/defaultprofile_445.jpg

3.Change the url to http://localhost/microweber/admin/view:modules/load_module:files#select-file=http://localhost/test.txt (test.txt is the file outside of microwbever's directory)

4.The content of test.txt (is outside of microwbever's directory) will be appear in dialog

Image POC

https://drive.google.com/file/d/1WrLaAOo8NHF-ik7I4xy-oq7Mr6osWpYn/view?usp=sharing

Impact

Attacker can read files outside the microweber folder

We are processing your report and will contact the microweber team within 24 hours. a month ago
We have contacted a member of the microweber team and are waiting to hear back a month ago
Bozhidar Slaveykov modified the Severity from Medium to Low a month ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Bozhidar Slaveykov validated this vulnerability a month ago
Domiee13 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Bozhidar Slaveykov confirmed that a fix has been merged on 16db81 a month ago
Bozhidar Slaveykov has been awarded the fix bounty
Domiee13
a month ago

Researcher


@admin can we assign a CVE to this vulnerability?

Jamie Slome
a month ago

Admin


We do not auto-assign CVEs to reports that have been given a low severity rating.

to join this conversation