Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key (APP_KEY), database credentials, SMTP/SendGrid API credentials, and internal configuration parameters, enabling complete system compromise including authentication bypass via session token forgery, direct database access to all tenant data, and email infrastructure takeover. Due to the multi-tenancy architecture, this vulnerability affects all tenants in the system.
An attacker sends an unauthenticated HTTP GET request to /script/.env on the application server. This file is not properly protected against public access and returns the Laravel environment configuration contents in the response. The exposed file contains the application encryption key (APP_KEY), database access credentials, SMTP credentials, SendGrid API keys, and internal configuration parameters. Possessing the APP_KEY, an attacker can forge session tokens and bypass authentication mechanisms (authentication bypass via session token forgery), gain direct access to the database, and take over the mail infrastructure.
An attacker can completely take over the system: gain access to data of all tenants in the multi-tenancy architecture, impersonate any user through session token forgery, read and modify the entire database, and take control of the email infrastructure. Due to the multi-tenant architecture, the breach affects all clients using the platform simultaneously.
Apply patches available from the vendor according to the references. Until the fix is implemented, it is recommended to immediately block access to the /script/.env file at the web server level (e.g., deny rules in nginx/Apache configuration), rotate all exposed secrets (APP_KEY, database passwords, SMTP/SendGrid API keys), and audit access logs to determine whether the file has already been downloaded by unauthorized parties.
Dokans Multi-Tenancy Based eCommerce Platform SaaS version 3.9.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NAmcoders Dokans
APPAmcoders3.9.2