
Database

Description

The application allows files located on the server to be read or executed by manipulating relative paths (for example, `../` segments) in its input fields.

Impact

- View the content of sensitive files stored on the server.
- Obtain sensitive data.
- Read system files.

Recommendation

- Validate that the parameters received by the application do not contain relative paths; resolve each path and confirm that it stays inside the intended base directory.
- Disable insecure functions that allow reading of arbitrary files on the server.

Threat

Unauthorized attacker from the local network.

Expected Remediation Time

⏱️ 120 minutes.