VYPR
Moderate severity · NVD Advisory · Published Oct 16, 2024 · Updated Oct 17, 2024

CVE-2024-46212

Description

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Directory traversal in REDAXO CMS backup export allows authenticated attackers to download arbitrary files by manipulating the EXPDIR parameter.

Vulnerability

Analysis

CVE-2024-46212 is a directory traversal vulnerability in REDAXO CMS version 5.17.1, specifically in the /index.php?page=backup/export component. The root cause is in the addFolderToTar method of the backup addon's backup.php, which passes the user-supplied directory parameter to opendir() without canonicalizing it or checking that it stays inside the intended backup directory, so traversal sequences such as ../ are honoured [1][2].

Exploitation

An attacker must first authenticate as an administrator. They then open the AddOns-Backup page, start a file backup, and intercept the resulting request with a proxy such as Burp Suite. Changing the EXPDIR parameter to a traversal path such as ../../etc makes the server add the contents of that directory to the generated tar archive, which the attacker then downloads [2].

Impact

Successful exploitation lets an attacker download sensitive files from the server, such as /etc/passwd, CMS configuration files, or any other file the web server process can read. Harvested credentials and configuration can lead to further compromise of the CMS and the underlying system [2].

Mitigation

As of the publication date, no official patch has been released. Until one is available, restrict administrative access to trusted personnel, monitor backup export requests for anomalous EXPDIR values (absolute paths, ../ segments, or percent-encoded variants of these), and tighten file-system permissions so the web server process cannot read files outside the CMS directory, which limits what a successful attack can exfiltrate. Upgrade to a fixed version when one is published [1][2].
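The following Python block is an added illustration written for this page; it is not REDAXO's code and does not reproduce backup.php. It models the bug class described under Exploitation and the monitoring advice under Mitigation: an export routine that joins a request-controlled directory to its base with no containment check (the flawed pattern), the same routine with a realpath-based check that rejects escapes, and a small detector that scans constructed access-log lines for suspicious EXPDIR values. The directory tree, the log lines, the export base name redaxo_files and the assumption that EXPDIR arrives in the query string are all constructed for the demo.

```python
import os
import re
import shutil
import tarfile
import tempfile
from urllib.parse import parse_qs, unquote, urlsplit


def resolve_export_dir_unsafe(base_dir, expdir):
    """Mirrors the flawed pattern: the request-controlled directory is joined
    to the export base and used as-is, so '../' segments walk out of it."""
    return os.path.join(base_dir, expdir)


def resolve_export_dir_safe(base_dir, expdir):
    """Canonicalise the requested directory and refuse anything that does
    not stay under the export base (absolute paths, '..', symlink escapes)."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, expdir))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"export directory escapes base: {expdir!r}")
    return candidate


def build_backup_tar(base_dir, expdir, out_path, resolver):
    """Stand-in for a backup export: archive the resolved directory and
    return the sorted member names so the result can be inspected."""
    target = resolver(base_dir, expdir)
    with tarfile.open(out_path, "w") as tar:
        tar.add(target, arcname=os.path.basename(os.path.normpath(target)))
    with tarfile.open(out_path) as tar:
        return sorted(m.name for m in tar.getmembers())


def run_demo():
    """Build a throwaway tree (constructed, not real REDAXO files) with one
    directory inside the export base and one outside it, then export with
    both resolvers."""
    root = tempfile.mkdtemp(prefix="cve-2024-46212-demo-")
    try:
        base = os.path.join(root, "redaxo_files")        # assumed export base
        os.makedirs(os.path.join(base, "media"))
        with open(os.path.join(base, "media", "logo.png"), "wb") as fh:
            fh.write(b"\x89PNG")
        os.makedirs(os.path.join(root, "etc"))           # plays the role of /etc
        with open(os.path.join(root, "etc", "passwd"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/sh\n")

        unsafe = build_backup_tar(base, "../etc", os.path.join(root, "u.tar"),
                                  resolve_export_dir_unsafe)
        try:
            build_backup_tar(base, "../etc", os.path.join(root, "s.tar"),
                             resolve_export_dir_safe)
            safe_rejected = False
        except ValueError:
            safe_rejected = True
        legit = build_backup_tar(base, "media", os.path.join(root, "l.tar"),
                                 resolve_export_dir_safe)
        return {"unsafe_members": unsafe, "safe_rejected": safe_rejected,
                "legit_members": legit}
    finally:
        shutil.rmtree(root, ignore_errors=True)


# Detection side: constructed access-log lines in combined-log style. EXPDIR
# is assumed to appear in the query string; adjust the extraction if your
# deployment sends it in a POST body instead.
SAMPLE_LOG = [
    '10.0.0.5 - admin [16/Oct/2024:10:01:02 +0000] "GET /index.php?page=backup/export&EXPDIR=media HTTP/1.1" 200 5120',
    '10.0.0.5 - admin [16/Oct/2024:10:01:40 +0000] "GET /index.php?page=backup/export&EXPDIR=..%2F..%2Fetc HTTP/1.1" 200 81920',
    '10.0.0.9 - admin [16/Oct/2024:10:02:11 +0000] "GET /index.php?page=backup/export&EXPDIR=%252e%252e%252fetc HTTP/1.1" 200 4096',
    '10.0.0.5 - admin [16/Oct/2024:10:03:00 +0000] "GET /index.php?page=backup/export&EXPDIR=/etc HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+)')


def expdir_is_anomalous(value):
    """Flag absolute paths, NUL bytes and any '..' segment, after undoing one
    extra layer of percent-encoding so double-encoded probes are caught."""
    decoded = unquote(unquote(value)).replace("\\", "/")
    if decoded.startswith("/") or "\x00" in decoded:
        return True
    return any(segment == ".." for segment in decoded.split("/"))


def flag_requests(log_lines):
    """Return (line, EXPDIR value) for each request whose EXPDIR looks like a
    traversal attempt."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get("EXPDIR", []):
            if expdir_is_anomalous(value):
                hits.append((line, value))
    return hits


if __name__ == "__main__":
    print(run_demo())
    for line, value in flag_requests(SAMPLE_LOG):
        print("suspicious EXPDIR:", value)
```

The containment check compares realpath results rather than string prefixes so that a base of /srv/redaxo does not accidentally accept /srv/redaxo2, and so that a symlink planted inside the base cannot point outside it. The detector decodes twice on purpose: a single-decoded view would see %2e%2e%2fetc as harmless text.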

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                      Affected versions   Patched versions
redaxo/source (Packagist)    <= 5.17.1           none listed

Affected products: 2

Patches: 0 (no patches discovered yet)


References: 3 (cited inline above as [1] and [2])
