CVE-2026-7132
Received Received - Intake
Path Traversal in code-projects Online Lot Reservation System Download Module

Publication date: 2026-04-27

Last updated on: 2026-04-27

Assigner: VulDB

Description
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7132
EUVD
EUVD-2026-25860
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
code-projects online_lot_reservation_system to 1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7132 is a vulnerability in the Online Lot Reservation System version 1.0, specifically in the download.php file's readfile function. The issue arises because the 'file' parameter is not properly validated or sanitized before being passed to the PHP readfile() function. This allows an attacker to perform a path traversal attack, enabling them to read arbitrary files on the server remotely without authentication.

  • The attacker can manipulate the 'file' parameter to access sensitive files by using relative paths (e.g., '../') or absolute paths.
  • Examples of files that can be read include system configuration files like /etc/passwd on Linux or C:\Windows\system32\drivers\etc\hosts on Windows.
  • Database configuration files and source code files can also be exposed.
Impact Analysis

This vulnerability can have several impacts if exploited:

  • Attackers can read sensitive system files, potentially gaining information about user accounts and system configuration.
  • Exposure of database configuration files can lead to credential leaks, which may facilitate further attacks such as database compromise.
  • Access to source code and other sensitive application data can reveal internal logic and security mechanisms, aiding attackers in crafting more effective attacks.
  • The vulnerability can be exploited remotely without any authentication, increasing the risk and ease of attack.
Detection Guidance

This vulnerability can be detected by attempting to access sensitive files through the vulnerable parameter "file" in the download.php endpoint. Using curl commands to request known system files or application files can help identify if the path traversal is possible.

  • curl "http://<target-host>/onlinelot/download.php?file=C:\Windows\win.ini" to check Windows system file access.
  • curl "http://<target-host>/onlinelot/download.php?file=C:/Windows/System32/drivers/etc/hosts" to check access to the hosts file.
  • curl "http://<target-host>/onlinelot/download.php?file=./index.php" to check if application source files can be read.
Mitigation Strategies

Immediate mitigation steps include implementing input validation and restricting file access to prevent path traversal attacks.

  • Use whitelist verification by restricting file access to a specific directory using realpath() and ensure the resolved path is within the allowed directory.
  • Use basename() to strip directory traversal sequences and prevent "../" attacks.
  • Restrict the types of files that can be read to safe types such as documents and images.
  • Disable directory listing and configure the server to prevent directory traversal.
Compliance Impact

The vulnerability allows attackers to read sensitive files on the server, including database configuration files containing credentials and other sensitive application data, without authentication.

This exposure of sensitive information could lead to unauthorized access to personal data or protected health information, potentially resulting in non-compliance with regulations such as GDPR and HIPAA that require protection of such data.

Therefore, exploitation of this vulnerability may compromise confidentiality requirements mandated by these standards, increasing the risk of data breaches and regulatory penalties.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7132. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart