A high-severity vulnerability has been identified in multiple CocoBasic Caliris products, allowing an attacker to read sensitive files on the server. This flaw, known as a Local File Inclusion, could be exploited to expose confidential data such as configuration files, user credentials, and system information. Successful exploitation could lead to a full system compromise, data breaches, and significant operational disruption.

The vulnerability is a Local File Inclusion (LFI) flaw resulting from the improper sanitization of user-supplied input used in PHP include or require statements. An unauthenticated attacker can manipulate input parameters, typically in a URL, to include directory traversal sequences (e.g., ../). This tricks the application into including and potentially executing or displaying the contents of arbitrary files from the local filesystem, limited only by the web server's file system permissions.

This is a High severity vulnerability with a CVSS score of 8.1. Exploitation could have severe consequences for the business, including a major data breach through the theft of sensitive information like database credentials, API keys, or customer data stored on the server. An attacker could leverage this access to achieve remote code execution by tricking the application into including a previously uploaded file or by poisoning log files with malicious PHP code. This could lead to a complete compromise of the server, reputational damage, financial loss, and regulatory penalties.

Immediate Action: Apply vendor-supplied security updates immediately to all affected systems. Prioritize patching on internet-facing systems to reduce the attack surface. After patching, review web server access logs for any signs of compromise that may have occurred before the update was applied.

Proactive Monitoring: Monitor web server access logs for suspicious requests containing directory traversal patterns (../, %2e%2e%2f), absolute file paths (/etc/passwd), or PHP filter wrappers (php://filter). Implement file integrity monitoring (FIM) to detect unauthorized changes to application files. Monitor for unusual outbound network connections from the web server, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rulesets designed to detect and block LFI and directory traversal attacks. Harden the PHP configuration by ensuring a restrictive open_basedir is set, which limits the files that PHP can access on the filesystem. Ensure the web server process runs with the lowest possible user privileges to limit the impact of a potential breach.

Public Exploit Available: false

This vulnerability represents a significant risk to the organization due to its high severity (CVSS 8.1) and the potential for complete system compromise. The primary and most effective mitigation is to apply the vendor-provided security patches across all affected assets without delay. Although this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity and the ease of potential exploitation warrant immediate attention. Organizations should prioritize patching and supplement this with proactive monitoring and the implementation of compensating controls to ensure a robust defense-in-depth posture.