CVE-2023-0316
Local File Read through Improper Filename Validation
Last updated
This vulnerability occurs because there is no filename validation on logo_image_login and logo_image_header in the settings import and export functions. An attacker can supply a path traversal payload as the logo filename to read local files such as /etc/passwd or the froxlor configuration file.
Local File Read
(Medium)
froxlor versions 0.10.38.3 through 2.x
Go to the import function under "Settings"
Modify the filename in logo_image_login or logo_image_header to a path traversal payload, e.g. "../../../../../etc/passwd?v=1672300384"
After the file has been imported successfully, go to "Settings" and open the Export page
Click Download/Export Settings; the leaked file is in the panel.logo_image_login.image_data key of the JSON file, base64-encoded
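The following is an added example, not froxlor's own code: a Python model of the logo handling described above, in which the export step opens whatever filename the imported settings contain and base64-encodes it, beside the containment check a fix needs. The JSON key layout, the web-root-relative path resolution and the stripping of the cache-busting "?v=" suffix are assumptions made for this example. It builds a throwaway directory tree in the script, so the traversal payload needs three "../" segments rather than the five in the payload above (extra segments are harmless against a real root directory).

```python
"""Added example (not froxlor's code): model of the settings import/export
logo-path handling behind CVE-2023-0316, plus a hardened path check."""
import base64
import json
import os
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".svg"}


def build_import_settings(logo_filename: str) -> str:
    """Construct the settings JSON an attacker imports (key layout assumed)."""
    return json.dumps({"panel": {"logo_image_login": logo_filename}})


def vulnerable_export(settings_json: str, webroot: str) -> dict:
    """Model of the flawed export: the stored filename is only stripped of its
    '?v=...' suffix and then opened relative to the web root, so '../'
    segments walk out of the image directory."""
    settings = json.loads(settings_json)
    filename = settings["panel"]["logo_image_login"].split("?", 1)[0]
    path = os.path.join(webroot, filename)  # no validation at all
    with open(path, "rb") as fh:
        image_data = base64.b64encode(fh.read()).decode("ascii")
    return {"panel": {"logo_image_login": {"image_data": image_data}}}


def extract_leaked_file(export: dict) -> bytes:
    """What the attacker does with the downloaded export (last step above)."""
    return base64.b64decode(export["panel"]["logo_image_login"]["image_data"])


def validate_logo_filename(filename: str, webroot: str) -> Path:
    """Hardened check: strip the query string, canonicalise (collapsing '../'
    and symlinks), and require the real path to stay inside <webroot>/img
    and to carry an image extension."""
    name = filename.split("?", 1)[0]
    img_dir = (Path(webroot) / "img").resolve()
    candidate = (Path(webroot) / name).resolve()  # absolute names replace webroot here
    if img_dir not in candidate.parents:
        raise ValueError(f"logo path escapes {img_dir}: {candidate}")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"not an image file: {candidate}")
    return candidate


def is_safe_logo_filename(filename: str, webroot: str) -> bool:
    try:
        validate_logo_filename(filename, webroot)
        return True
    except ValueError:
        return False


def run_demo() -> tuple:
    """Build a constructed tree, leak a file through the vulnerable export, and
    show the hardened check rejecting the payload but accepting a real logo."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        webroot = root / "var" / "www" / "froxlor"
        (webroot / "img").mkdir(parents=True)
        (webroot / "img" / "logo.png").write_bytes(b"\x89PNG constructed")

        # three '../' reach the sandbox root from var/www/froxlor
        payload = "../../../etc/passwd?v=1672300384"
        export = vulnerable_export(build_import_settings(payload), str(webroot))
        leaked = extract_leaked_file(export)

        rejected = not is_safe_logo_filename(payload, str(webroot))
        accepted = is_safe_logo_filename("img/logo.png?v=1672300384", str(webroot))
    return leaked, rejected, accepted


if __name__ == "__main__":
    leaked, rejected, accepted = run_demo()
    print(leaked.decode(), "payload rejected:", rejected, "logo accepted:", accepted)
```

The containment test is done on the resolved path rather than by searching the string for "../", so encoded or absolute variants ("/etc/passwd", symlinks placed under img/) are rejected by the same rule; a real fix would additionally check that the resolved path is an existing regular file before reading it.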
froxlor version: 2.0.0-beta1
2022-12-29: Vulnerability discovered.
2022-12-31: Vulnerability fixed.
2023-01-14: Vulnerability reported to the MITRE corporation.
2023-01-14: CVE has been assigned.
2023-01-16: Public disclosure of the vulnerability.
Achmad Zaenuri Dahlan Putra