CVE-2025-10232
📋 TL;DR
This CVE describes a path traversal vulnerability in 299ko CMS versions up to 2.0.0. Attackers can remotely exploit the getSentDir/delete function in FileManagerAPIController.php to access or delete files outside the intended directory. All users running vulnerable versions are affected.
💻 Affected Systems
- 299ko CMS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary file deletion or sensitive file exfiltration, potentially leading to data loss, service disruption, or further exploitation.
Likely Case
Unauthorized file access or deletion within the web server context, potentially exposing configuration files, user data, or application source code.
If Mitigated
Limited impact with proper file permissions and web server sandboxing, restricting damage to non-critical files.
🎯 Exploit Status
Exploit details are publicly available; attack requires remote access to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
Upgrade to a version above 2.0.0 if available; otherwise, apply manual code fixes or disable the vulnerable plugin.
🔧 Temporary Workarounds
Disable File Manager Plugin
Temporarily disable the vulnerable file manager plugin to prevent exploitation.
Navigate to plugin management in 299ko admin panel and disable the file manager plugin.
Implement Input Validation
Add path traversal checks to the getSentDir/delete function in FileManagerAPIController.php.
Edit plugin/filemanager/controllers/FileManagerAPIController.php to sanitize user input using realpath() or similar functions.
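The containment check that this workaround describes, shown as an added example rather than as 299ko's own code. 299ko is written in PHP, so the realpath() fix would be applied in FileManagerAPIController.php; this Python version illustrates the same logic (canonicalise the requested path, then confirm it is still inside the sandbox) and the prefix trap that a naive string comparison misses. The base directory and file names are constructed for the example.

```python
import os

# Constructed sandbox directory for the example; the real file manager
# root of a 299ko install is whatever the plugin is configured to serve.
SANDBOX = "/var/www/299ko/data/files"


def resolve_in_sandbox(base_dir: str, user_path: str) -> str:
    """Return the canonical absolute path for user_path confined to base_dir.

    Raises ValueError when the canonical path lies outside base_dir. This is
    the generic realpath()-style check the advisory recommends, not the
    project's code. It operates on the already URL-decoded value the web
    server hands the application, so encoded variants such as %2e%2e%2f are
    either decoded into ../ (and rejected) or remain a harmless literal name.
    """
    if "\0" in user_path:
        raise ValueError("null byte in path")
    base = os.path.realpath(base_dir)
    # os.path.join discards base_dir when user_path is absolute, so an
    # absolute request is simply rejected by the containment test below.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath is used instead of startswith: "/data/files_backup" starts
    # with "/data/files" as a string but is not inside it as a directory.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes sandbox: {user_path!r}")
    return candidate


def is_safe_path(base_dir: str, user_path: str) -> bool:
    """Boolean convenience wrapper around resolve_in_sandbox."""
    try:
        resolve_in_sandbox(base_dir, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for requested in ("docs/report.pdf", "a/../b.txt", "../../config.php",
                      "../files_backup/x", "/etc/hostname"):
        print(f"{requested!r:24} -> {'allowed' if is_safe_path(SANDBOX, requested) else 'rejected'}")
```

Because the check is done on the canonical path rather than on the raw string, it is indifferent to how the traversal was spelled (`../`, URL-encoded, or mixed with legitimate segments), and it rejects absolute paths and sibling-directory escapes that a prefix comparison would accept.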
🧯 If You Can't Patch
- Restrict network access to the 299ko instance using firewalls or network segmentation.
- Implement strict file system permissions to limit the web server user's access to sensitive directories.
🔍 How to Verify
Check if Vulnerable:
Check 299ko version in admin panel or by examining the CMS files; versions ≤2.0.0 are vulnerable.
Check Version:
Check the version in the admin dashboard or look for version info in core files.
Verify Fix Applied:
Test the file manager functionality with path traversal payloads; if the requests are rejected, the fix is in place.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs, especially requests to FileManagerAPIController.php with directory traversal sequences (../).
Network Indicators:
- HTTP requests containing path traversal strings targeting the vulnerable endpoint.
SIEM Query:
Search web logs for 'FileManagerAPIController.php' AND ('../' OR '..\\' OR '%2e%2e%2f')
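The log-based detection described above, as an added example that is not part of the original advisory. It parses Apache combined-format lines, URL-decodes the request target (repeatedly, so double-encoded `%252e` variants are caught, which the literal SIEM query above would miss), restricts matches to requests for FileManagerAPIController.php, and flags traversal sequences. The log lines, client addresses and the `action`/`file` query parameter names are constructed for the example; the URL path follows the plugin file path named in the mitigation section, though the publicly reachable URL of a given install may differ.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample traffic in Apache combined log format; not real requests.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2025:12:01:02 +0000] "GET /plugin/filemanager/controllers/FileManagerAPIController.php?action=delete&file=../../config.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Sep/2025:12:01:09 +0000] "GET /plugin/filemanager/controllers/FileManagerAPIController.php?action=delete&file=%2e%2e%2f%2e%2e%2fconfig.php HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [10/Sep/2025:12:02:00 +0000] "GET /plugin/filemanager/controllers/FileManagerAPIController.php?action=delete&file=docs/old.txt HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2025:12:02:30 +0000] "GET /index.php?p=../../etc/passwd HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Sep/2025:12:03:00 +0000] "POST /plugin/filemanager/controllers/FileManagerAPIController.php?file=%252e%252e%252fcore.php HTTP/1.1" 403 0 "-" "curl/8.0"
"""

# Minimal combined-log parser: client, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Matches ../ and ..\ after decoding.
TRAVERSAL_RE = re.compile(r'\.\./|\.\.\\')
ENDPOINT = "FileManagerAPIController.php"


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until stable so %252e%252e%252f becomes ../ as well."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per request to the file manager endpoint that
    contains a traversal sequence once the target is fully decoded."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        target = decode_fully(m["target"])
        if ENDPOINT not in target:
            continue  # traversal against other scripts is out of scope here
        if TRAVERSAL_RE.search(target):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "status": int(m["status"]),
                "target": target,
            })
    return hits


def count_by_source(hits: list) -> dict:
    """Aggregate flagged requests per client address, as a SIEM rule would."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    for h in find_traversal_attempts(SAMPLE_LOG):
        print(h["ts"], h["ip"], h["method"], h["status"], h["target"])
    print(count_by_source(find_traversal_attempts(SAMPLE_LOG)))
```

Of the five constructed lines, three are flagged: the plain `../` request, the single-encoded one, and the double-encoded POST. The `index.php` line carries a traversal sequence but is not a request to the vulnerable endpoint, and the `docs/old.txt` request is a normal delete. A 200 status on a flagged request is the case to escalate, since it suggests the traversal was not rejected.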