VYPR
Unrated severity · NVD Advisory · Published Aug 5, 2023 · Updated Aug 2, 2024

Chengdu Flash Flood Disaster Monitoring and Warning System FileHandler.ashx absolute path traversal

CVE-2023-4172

Description

A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Absolute path traversal in Chengdu Flash Flood Monitoring System 2.0 allows remote attackers to read arbitrary files via the FileDirectory parameter.

Vulnerability

A problematic absolute path traversal vulnerability exists in Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0. The issue affects the \Service\FileHandler.ashx endpoint. By manipulating the FileDirectory argument, an attacker can traverse outside the intended directory. The vulnerable code resides in the assembly \bin\MFCW.Web.dll within the class MFCW.Web.Service.FileHandler [1]. No authentication is required to reach the vulnerable code path.

Exploitation

The attack can be initiated remotely without authentication. A proof-of-concept URL has been publicly disclosed [1]:

http://xx.xx.xx.xx/Service/FileHandler.ashx?Action=Download&FileDirectory=E:/SCWJ/Official/Web/MFCW/&FileName=web.config&FileSourceName=web

By modifying the FileDirectory parameter, an attacker can specify arbitrary absolute paths on the server's filesystem.

Impact

Successful exploitation allows an attacker to read arbitrary files from the server's filesystem, leading to information disclosure. The vulnerability effectively enables arbitrary file reading, potentially exposing sensitive configuration files, source code, or other confidential data.

Mitigation

As of the publication date (2023-08-05), no official patch or fixed version has been announced by the vendor. The vendor website is listed as http://www.cdwanjiang.com/ [1]. No workaround details are provided in the available references. Users should restrict network access to this endpoint and monitor for vendor updates.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing input validation on the FileDirectory argument allows absolute path traversal, enabling arbitrary file reads."

Attack vector

An attacker sends an HTTP GET request to `/Service/FileHandler.ashx` with parameters `Action=Download`, `FileDirectory` set to an arbitrary absolute path (e.g., `E:/SCWJ/Official/Web/MFCW/`), `FileName` set to the target file (e.g., `web.config`), and `FileSourceName` set to any value [1]. The server does not restrict the `FileDirectory` parameter, so the attacker can read any file on the server's filesystem. The attack is remotely exploitable with no authentication required.

Affected code

The vulnerability resides in the file `\Service\FileHandler.ashx` of the Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The tracking class is `MFCW.Web.Service.FileHandler` inside `\bin\MFCW.Web.dll` [1]. The handler processes the `FileDirectory` argument without proper validation, allowing an absolute path traversal.

What the fix does

No patch has been published for this vulnerability. The advisory does not include a fix or remediation guidance from the vendor [1]. To close the vulnerability, the application should validate that the `FileDirectory` parameter resolves to a path within an allowed base directory, rejecting any absolute paths or paths containing traversal sequences.
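As an added example (not code from the advisory or the vendor), the check described above, written in Python rather than the handler's C#: the download root `C:\inetpub\MFCW\Downloads`, the function names and the sample sub-paths are assumptions; the proof-of-concept URL it rejects is the one disclosed in the advisory.

```python
import ntpath
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed value: the handler's real download root is not given in the advisory.
BASE_DIRECTORY = r"C:\inetpub\MFCW\Downloads"


def resolve_download_path(file_directory: str, file_name: str,
                          base: str = BASE_DIRECTORY) -> Optional[str]:
    """Return the canonical path the handler may serve, or None to reject.

    This is the check the advisory calls for: FileDirectory and FileName
    must resolve to a location inside the allowed base directory.
    """
    # FileName must be a bare name: no separators, no drive/stream colon, no parent refs.
    if not file_name or file_name in (".", "..") or any(c in file_name for c in "\\/:"):
        return None
    sub = file_directory or ""
    # A rooted FileDirectory (E:/..., /..., \\server\share, E:relative) is never
    # legitimate; joining it would silently discard the base directory.
    if ntpath.isabs(sub) or ntpath.splitdrive(sub)[0] or sub.startswith(("\\", "/")):
        return None
    # Canonicalize (collapses "..", unifies separators) and require the result to stay
    # under base + separator, so "Downloads2" is not a prefix match of "Downloads".
    # ntpath.normpath is lexical: it does not follow symlinks or NTFS junctions.
    root = ntpath.normpath(base) + ntpath.sep
    full = ntpath.normpath(ntpath.join(base, sub, file_name))
    return full if full.lower().startswith(root.lower()) else None


def check_download_url(url: str, base: str = BASE_DIRECTORY) -> Optional[str]:
    """Apply the same check to a FileHandler.ashx URL, e.g. one taken from an
    IIS log. parse_qs percent-decodes, so an encoded ".." is inspected decoded."""
    params = parse_qs(urlsplit(url).query)
    return resolve_download_path(params.get("FileDirectory", [""])[0],
                                 params.get("FileName", [""])[0], base)


if __name__ == "__main__":
    # The proof-of-concept request disclosed in the advisory is rejected.
    POC = ("http://xx.xx.xx.xx/Service/FileHandler.ashx?Action=Download"
           "&FileDirectory=E:/SCWJ/Official/Web/MFCW/&FileName=web.config&FileSourceName=web")
    print("PoC:", check_download_url(POC))                        # None
    print("ok :", resolve_download_path("reports/2023", "flood.csv"))
```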

Preconditions

  • Network: The target server must be running Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 with the FileHandler.ashx endpoint exposed.
  • Auth: No authentication is required; the endpoint is publicly accessible.

Reproduction

Send a crafted HTTP GET request to the vulnerable endpoint: `http://

Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3

News mentions: 0

No linked articles in our index yet.