SECUDOS DOMOS before 5.6 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) Vulnerability

Summary

While analyzing the implementation of the DOMOS web interface, a directory traversal vulnerability was identified. It can be exploited to read the session_id values of other registered users, which can lead to hijacking of those users' sessions. The vulnerability can be exploited by authenticated attackers with access to the web interface.


Credit:

The information has been provided by Pascal Keul

The original article can be found at: https://atomic111.github.io/article/secudos-domos-directory_traversal


Details

The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.

Vulnerable Systems:

SECUDOS DOMOS before 5.6

CVE Information:

CVE-2019-18665

Disclosure Timeline:

Published Date: 11/02/2019