CVE-2024-22723 | Webtrees Vulnerability: Uncovering Sensitive Data Through Path Traversal

CUPC4K3
2 min readFeb 22, 2024

Webtrees is a free open source web-based genealogy application intended for collaborative use.

Version Webtrees 2.1.18

As an administrator logged into the application, I had access to the “Manage Media” section. However, I noticed that it was not possible to directly edit the ‘media/’ directory within the application interface.

Upon examining the application’s URL structure, I encountered the “media_folder” parameter, which is linked to the media folder. To probe further, I inserted ‘..’ after the ‘%2F’ in the URL, which represents a forward slash (‘/’) in URL encoding. By doing this, I successfully navigated back one directory level in the application’s file system.

This maneuver allowed me to access several sensitive files within the application. Most notably, I could open the ‘config.ini.php’ file. This file contained critical information about the application’s database, including the database username (‘dbuser=’) and password (‘dbpass=’), which were plainly listed.

--

--

CUPC4K3

Offensive Security | Cyber Security | Security Researcher | Red Team | Pentest