CVE-2022-22914
📋 TL;DR
This vulnerability allows authenticated attackers in Ovidentia CMS 6.0 to perform path traversal attacks through the FileManager component, enabling unauthorized viewing and downloading of files from the upload directory. It affects any Ovidentia CMS 6.0 installation with authenticated user access. The issue stems from improper access control that fails to validate file paths.
💻 Affected Systems
- Ovidentia CMS
📦 What is this software?
Ovidentia by Ovidentia
⚠️ Risk & Real-World Impact
Worst Case
Attackers could exfiltrate sensitive files from the upload directory, potentially including confidential documents, user-uploaded private content, or system files if directory permissions allow traversal beyond intended boundaries.
Likely Case
Authenticated users can access files they shouldn't have permission to view, leading to information disclosure of uploaded content that may contain sensitive business or user data.
If Mitigated
With proper file system permissions restricting access to upload directories and web server configuration limiting directory traversal, impact would be limited to files already accessible through normal application functions.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward via path traversal techniques. Public proof-of-concept exists in the referenced GitLab repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: http://ovidentia.com
Restart Required: No
Instructions:
Check Ovidentia website for security updates. Since this is version 6.0, upgrading to a newer supported version may be required if available.
🔧 Temporary Workarounds
Restrict FileManager Access
allDisable or restrict access to the FileManager component for non-admin users
Implement Web Application Firewall Rules
allBlock path traversal patterns in requests to FileManager endpoints
🧯 If You Can't Patch
- Implement strict file system permissions on upload directories to prevent unauthorized access
- Monitor FileManager access logs for path traversal patterns and investigate suspicious activity
🔍 How to Verify
Check if Vulnerable:
Test authenticated access to FileManager with path traversal payloads (e.g., '../../' sequences) to see if you can access files outside intended upload directoryCheck Version:
Check Ovidentia CMS version in administration panel or configuration filesVerify Fix Applied:
Retest with same path traversal attempts after implementing controls - successful attempts should be blocked📡 Detection & Monitoring
Log Indicators:
- Multiple failed path traversal attempts in FileManager logs
- Unusual file access patterns from authenticated users
- Requests containing '../' sequences to FileManager endpoints
Network Indicators:
- HTTP requests with path traversal patterns to FileManager URLs
- Unusual file download patterns from upload directories
SIEM Query:
source="web_logs" AND (uri="*FileManager*" AND (uri="*../*" OR uri="*..\\*"))