Hello Team,

When I'm using the application, I observed that the application is vulnerable to an LFI (Local File Inclusion) vulnerability. Only an authenticated user can perform this exploit remotely.

Steps to reproduce the Vulnerability

Login into the application as an admin user or equivalent user and go to the below link

http://localhost/gilacms/admin/fm/?f=src../../../../../../../../../WINDOWS/system32/drivers/etc/hosts

#################################################################

To fix the Vulnerability

If possible, do not permit appending file paths directly. Make them hard-coded or selectable from a limited hard-coded path list via an index variable.

If you definitely need dynamic path concatenation, ensure you only accept required characters such as "a-Z0-9" and do not allow ".." or "/" or "%00" (null byte) or any other similar unexpected characters.

It is important to limit the API to allow inclusion only from a directory and directories below it. This way you can ensure any potential attack cannot perform a directory traversal attack.

Tested on Windows 10
XAMPP version: v3.2.2
Gila CMS Version: 1.10.9
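The remediation advice in the report (character whitelist, no ".." / "/" / null byte, confine inclusion to one directory tree) as an added PHP example. This is not Gila CMS's own code and does not reflect how its file manager is written; the base directory, the function name resolveManagedFile and the demonstration inputs are assumptions constructed for illustration.

```php
<?php
// Added example (not Gila CMS code): resolve a user-supplied file name
// against a fixed base directory and refuse anything that escapes it.
declare(strict_types=1);

/**
 * Return the absolute path of $requested inside $baseDir, or null if the
 * request is rejected. Two independent checks are applied, matching the
 * advice in the report: a character whitelist on the raw input, then a
 * canonical-path containment check after realpath() has collapsed any
 * "../" segments and symlinks.
 */
function resolveManagedFile(string $baseDir, string $requested): ?string
{
    // 1. Whitelist: only the characters a plain file name needs. This
    //    rejects "/", "\", the null byte and URL-encoded tricks outright.
    if (!preg_match('/^[A-Za-z0-9._-]{1,255}$/', $requested)) {
        return null;
    }
    // A name made only of dots ("." or "..") still matches the character
    // class; refuse it explicitly rather than rely on the later check.
    if (trim($requested, '.') === '') {
        return null;
    }

    // 2. Canonicalise both sides. realpath() returns false when the path
    //    does not exist, which is itself a reason to refuse.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false) {
        return null;
    }

    // 3. Containment: the resolved path must start with the base directory
    //    plus a separator, so a sibling such as "/srv/files2" is not
    //    accepted for base "/srv/files".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Demonstration on a temporary directory constructed for this example.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . bin2hex(random_bytes(4));
mkdir($base, 0700);
file_put_contents($base . DIRECTORY_SEPARATOR . 'notes.txt', "hello\n");

// Constructed inputs: one legitimate name and the kinds of values the
// report says must be refused (traversal, dots only, embedded null byte).
$inputs = [
    'notes.txt',
    'src../../../../etc/hosts',
    '..',
    "notes.txt\0.jpg",
];
foreach ($inputs as $input) {
    $result = resolveManagedFile($base, $input);
    printf("%-30s => %s\n", addcslashes($input, "\0"), $result ?? 'REJECTED');
}

unlink($base . DIRECTORY_SEPARATOR . 'notes.txt');
rmdir($base);
```

The whitelist alone would be enough for the traversal string in the report, but the realpath() containment check is what guarantees the "only from a directory and directories below it" property even if the whitelist is later loosened (for example to allow subdirectory names); keeping both means a mistake in one does not reopen the hole.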