Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.
The vulnerability exists in the kiosk.php component of the DerbyNet application. The 'page' parameter passed to this script is not properly validated or filtered, allowing an attacker to provide a crafted path containing path traversal sequences (e.g., '../'). By manipulating this parameter, a remote attacker can exit the allowed application directory and execute arbitrary code on the server without requiring any privileges.
An attacker can gain full control over the server, including reading, modifying or deleting any files, as well as executing malicious code leading to system compromise. The confidentiality, integrity and availability of the entire server environment are at risk.
Apply patches available from the vendor according to the references. As a temporary workaround, it is recommended to restrict access to the kiosk.php component at the firewall or web server level and monitor the 'page' parameter for suspicious values.
DerbyNet version 9.0 — website/kiosk.php component
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDerbynet
APPDerbynet9.0
Related vulnerabilities
SQL Injection w DerbyNet v9.0 — zdalne wykonanie kodu przez klauzulę WHERE
SQL Injection z możliwością RCE w DerbyNet v9.0 i wcześniejszych
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary co...
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via ...
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via t...