CVE-2021-44674
Description
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated path traversal in Open-AudIT 4.2.0 allows reading arbitrary files outside the restricted directory.
Vulnerability
An information exposure vulnerability exists in Opmantek Open-AudIT version 4.2.0. The issue is a path traversal flaw in the image upload and download functionality. When handling image attachments, the application did not properly sanitize the filename before passing it to readfile() and basename(). An authenticated attacker can use directory traversal sequences (e.g., ../) in the filename to read files outside the intended custom_images directory. The proof of concept is visible in the fix commit [3], where the patched code restricts the path to $_SERVER['DOCUMENT_ROOT'] . '/open-audit/custom_images/' and uses basename() on the filename.
Exploitation
To exploit this, an attacker must have a valid authenticated session in Open-AudIT 4.2.0. The attacker can craft a request to download a sub-resource (image attachment) with a filename containing path traversal characters, such as ../../etc/passwd. The vulnerable code path sub_resource_download() would then execute readfile($attachment[0]->attributes->filename) without validating the path, thus reading the file outside the restricted directory. Prior to the fix, the filename was extracted from a split by slash; the patch replaces this with basename() to prevent traversal.
Impact
Successful exploitation allows an authenticated attacker to read arbitrary files on the server filesystem that the web server user has access to. This can lead to disclosure of sensitive configuration files, application source code, or other data. The Common Vulnerability Scoring System (CVSS) score is not provided in the available references, but this is a classic path traversal with high confidentiality impact.
Mitigation
The vulnerability is fixed in Open-AudIT version 4.3.0, per the community release notes [1]. Users should upgrade immediately to version 4.3.0 or later. No workaround is provided for version 4.2.0. The fix is visible in commit d27b649 [3], which restricts the file read path and sanitizes the filename with basename(). The vendor recommends updating to the latest version.
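The containment pattern described above (a fixed base directory plus basename() on the stored filename), as an added PHP example that is not Open-AudIT's own code. The function name, the temporary directory standing in for custom_images, and the sample filenames are constructed; the realpath() containment check goes one step beyond what the page says the patch does.

```php
<?php
// Added illustration, not Open-AudIT source. Names and sample data are constructed.

/**
 * Map a stored attachment filename to a file inside $baseDir.
 * Returns the canonical path, or null when the name would leave $baseDir
 * or does not refer to a regular file.
 */
function resolve_attachment(string $baseDir, string $storedName): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory is missing
    }
    // Treat backslashes as separators too, then keep only the last path component.
    $name = basename(str_replace('\\', '/', $storedName));
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // Canonicalise the result; this also resolves symlinks before the containment check.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The canonical path must still start with the base directory plus a separator.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory plays the role of custom_images.
$root = sys_get_temp_dir() . '/oa_demo_' . bin2hex(random_bytes(4));
$images = $root . '/custom_images';
mkdir($images, 0700, true);
file_put_contents($images . '/logo.png', 'image-bytes');
file_put_contents($root . '/secret.conf', 'not-for-download');

foreach (['logo.png', '../secret.conf', '../../etc/passwd', 'sub/../logo.png', '..'] as $name) {
    $resolved = resolve_attachment($images, $name);
    printf("%-18s => %s\n", $name, $resolved === null ? 'rejected' : 'served ' . basename($resolved));
}

// Remove the demo files again.
unlink($images . '/logo.png');
unlink($root . '/secret.conf');
rmdir($images);
rmdir($root);
```

A download handler would call readfile() only on a non-null return value and answer with a 404 otherwise.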
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Opmantek/Open-AudIT
- Range: =4.2.0
Patches
No patches discovered yet.
References
- open-audit.com (mitre, x_refsource_MISC)
- opmantek.com (mitre, x_refsource_MISC)
- community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0 (mitre, x_refsource_MISC)
- github.com/Opmantek/open-audit/commit/d27b649283aa6a01a15e5a3df1520d7aa69a5e18 (mitre, x_refsource_MISC)