CVE-2018-14957

Name of the Vulnerable Software and Affected Versions CMS ISWEB version 3.5.3

Description The issue allows for directory traversal and local file download. This can be demonstrated through the "moduli/downloadFile.php" endpoint with a file parameter set to oggetto documenti/../.././inc/config.php, potentially allowing an attacker to gain control of the application due to credentials being present in the config.php file.

Recommendations For CMS ISWEB version 3.5.3, consider restricting access to the moduli/downloadFile.php endpoint or implementing validation on the file parameter to prevent directory traversal attacks. As a temporary workaround, consider removing or securing the config.php file to prevent credential exposure until a patch is available.