Executive Summary

This vulnerability is a directory traversal flaw in WebsiteBaker version 2.13.3 that allows authenticated attackers to delete arbitrary files or directories on the server. By manipulating the directory path parameter in a specially crafted GET request to /admin/media/delete.php, attackers can traverse outside the intended directory and delete files beyond their authorized scope. [2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized deletion of files or directories on the server hosting WebsiteBaker. This can cause data loss, disruption of service, and potential denial of service conditions, impacting the availability and integrity of the affected system. [2]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring HTTP GET requests to the endpoint /admin/media/delete.php that include directory traversal sequences in the 'dir' parameter. For example, look for requests containing patterns like '/../' or similar path traversal payloads. A sample detection command using grep on web server logs could be: grep -E '/admin/media/delete.php.*dir=.*\.\./' /var/log/apache2/access.log. Additionally, inspecting for suspicious deletion activity or unexpected file removals in the media directories may help identify exploitation attempts. [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the /admin/media/delete.php endpoint to trusted and authenticated users only, as the vulnerability requires authentication. Additionally, apply input validation and sanitization on the 'dir' parameter to prevent directory traversal sequences. If possible, update WebsiteBaker to a version where this vulnerability is fixed or apply available patches. As a temporary measure, monitor and block suspicious requests containing directory traversal patterns targeting this endpoint. [2]

Useful 0 Not Useful 0