PT-2025-48667 · Solidsoft · Solidserver Ipam
Ramón Costales · Published 2025-12-02 · Updated 2026-01-30 · CVE-2025-13879
CVSS v4.0: 5.1 Medium
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
SOLIDserver IPAM version 8.2.3
Description
A directory traversal issue exists in SOLIDserver IPAM version 8.2.3. An authenticated user with administrator privileges can list directories beyond their authorized access. This is possible by manipulating the 'directory' parameter within the '/mod/ajax.php?action=sections/list/list' API endpoint. Specifically, setting the 'directory' parameter to '/' reveals files outside the 'LOCAL:///' folder.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the '/mod/ajax.php?action=sections/list/list' API endpoint.
Sanitize the 'directory' parameter to prevent directory traversal attempts.
Fix
Path traversal
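One way to apply the recommended sanitization of the 'directory' parameter, as an added example that is not SOLIDserver code or part of the original advisory: it accepts only values under 'LOCAL:///' and rejects '/' and '..' escapes. The on-disk root /srv/ipam/local, the function names and the sample values are assumptions.

```python
import posixpath

LOCAL_PREFIX = "LOCAL:///"      # virtual root named in the advisory
BASE_DIR = "/srv/ipam/local"    # hypothetical on-disk location of LOCAL:///


class TraversalError(ValueError):
    """The requested directory is not inside the LOCAL:/// root."""


def resolve_directory(directory: str, base_dir: str = BASE_DIR) -> str:
    """Map an already URL-decoded 'directory' value to a path under base_dir.

    Raises TraversalError for anything that would list outside the root.
    """
    if "\x00" in directory:
        raise TraversalError("NUL byte in directory value")
    # A bare '/' (the value from the advisory) or any other scheme is refused.
    if not directory.startswith(LOCAL_PREFIX):
        raise TraversalError("directory must start with LOCAL:///")
    relative = directory[len(LOCAL_PREFIX):]
    # Join first, then normalise, so '..' segments are collapsed before the
    # containment check. An absolute remainder ('LOCAL:////etc') replaces
    # base_dir in the join and is rejected below.
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, relative))
    # Compare on a path-segment boundary: '/srv/ipam/local-old' must not pass
    # just because it shares a string prefix with '/srv/ipam/local'.
    if candidate != base and not candidate.startswith(base + "/"):
        raise TraversalError("directory escapes LOCAL:///")
    # On a real filesystem, also resolve symlinks (os.path.realpath) on both
    # paths before comparing; omitted here so the example runs anywhere.
    return candidate


def is_allowed(directory: str) -> bool:
    """Boolean form of the check, for use before the listing is performed."""
    try:
        resolve_directory(directory)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    for value in ["LOCAL:///", "LOCAL:///reports/2025", "/", "LOCAL:///../../etc"]:
        print(f"{value!r:28} allowed={is_allowed(value)}")
```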
Weakness Enumeration
Related Identifiers
Affected Products
Solidserver Ipam