Closed hi-KK closed 6 years ago
Hello, I found that there are some problems with eonweb, hoping to help you and your work.

/module/admin_conf/download.php

```php
if(isset($_GET["file"])){
    $dwn="/tmp/".$_GET["file"];
    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=".$_GET["file"]);
    flush();
    readfile($dwn);
}
```

'$_GET["file"]' is not filtered, and an arbitrary file download vulnerability exists. So when we open this URL: https://localhost/module/admin_conf/download.php?file=../../etc/passwd it would download the file '/etc/passwd'
and we can get the contents of this file.
Fix here : 3163221240db69d417cf6bb8456f87653d472f21
Thank you for the advice !
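
One way to close the traversal reported above, shown as an added example: this is not eonweb's code and not the content of the fix commit referenced in the reply. The function name `resolve_download` and the constant `DOWNLOAD_DIR` are hypothetical; the `/tmp` base directory is taken from the reported snippet.

```php
<?php
// Added example (not the project's fix): canonicalise the requested name and
// refuse anything that resolves outside the download directory.

const DOWNLOAD_DIR = '/tmp'; // base directory used by the reported snippet

/**
 * Return the canonical path of $name inside $baseDir, or null when the
 * request escapes the directory, is not a regular file, or does not exist.
 */
function resolve_download(string $baseDir, string $name): ?string
{
    // Fail closed on empty names and NUL bytes before touching the filesystem.
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    // realpath() collapses "../" and follows symlinks; it returns false
    // when the target does not exist.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the trailing separator stops "/tmpfoo" matching "/tmp".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

// is_string() rejects array input such as ?file[]=x before it reaches the function.
if (isset($_GET['file']) && is_string($_GET['file'])) {
    $path = resolve_download(DOWNLOAD_DIR, $_GET['file']);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    // Put only the final path component in the header, limited to a safe charset.
    $safeName = preg_replace('/[^\w.\-]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

Because the check runs on the resolved path, a request for `../../etc/passwd` and a symlink inside `/tmp` that points elsewhere are both refused with the same 404.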