Plattform
php
Behoben in
1.0.1
A critical path traversal vulnerability has been identified in code-projects Document Management System versions 1.0. This flaw allows attackers to manipulate the 'ID' argument within the '/dell.php' file, potentially leading to unauthorized access and file disclosure. Affected versions include 1.0, and a patch is available in version 1.0.1.
The path traversal vulnerability in Document Management System allows an attacker to bypass intended access controls and read arbitrary files on the server. By crafting a malicious request that manipulates the 'ID' parameter in '/dell.php', an attacker can traverse directories and access sensitive data, such as configuration files, source code, or even user data. This could lead to data breaches, system compromise, and further exploitation. While the description doesn't specify a particular file, the potential for accessing critical system files is significant.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. The exploit is considered relatively straightforward, potentially lowering the barrier to entry for attackers. No KEV listing or EPSS score is currently available. The public disclosure date (2025-08-01) indicates that attackers may already be actively scanning for vulnerable systems.
Organizations using the code-projects Document Management System in versions 1.0 are at risk. This includes those deploying the system on shared hosting environments, as the vulnerability could be exploited to access files on other users' accounts. Systems with default configurations or those lacking robust input validation are particularly vulnerable.
• php / web:
curl -I 'http://your-server/dell.php?ID=../../../../etc/passwd' | grep 'HTTP/1.1 200 OK'• generic web:
curl -I 'http://your-server/dell.php?ID=../../../../etc/passwd' | grep '403 Forbidden'• generic web:
grep -r 'dell.php?ID=' /var/log/apache2/access.logdisclosure
Exploit-Status
EPSS
0.07% (22% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-8433 is to upgrade to version 1.0.1 of the Document Management System. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing path traversal sequences in the 'ID' parameter of '/dell.php'. Specifically, block requests containing sequences like '../' or '\\'. Additionally, review file permissions on the server to ensure that sensitive files are not accessible by the web server user. After upgrading, confirm the fix by attempting to access a file outside the intended directory via the /dell.php endpoint; access should be denied.
Actualizar a una versión parcheada del sistema de gestión de documentos. Si no hay una versión parcheada disponible, revisar y sanear la entrada del parámetro ID en el archivo dell.php para evitar el recorrido de directorios. Validar que el archivo a eliminar se encuentre dentro del directorio esperado.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-8433 is a path traversal vulnerability in Document Management System versions 1.0, allowing attackers to access unauthorized files by manipulating the 'ID' parameter in '/dell.php'.
You are affected if you are using Document Management System version 1.0. Upgrade to version 1.0.1 to mitigate the vulnerability.
Upgrade to version 1.0.1. As a temporary workaround, implement a WAF rule to block requests containing path traversal sequences in the '/dell.php' endpoint.
While no confirmed exploitation is publicly reported, the vulnerability has been disclosed, increasing the risk of exploitation.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-8433.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.