CVE-2025-53433
AncoraThemes · AncoraThemes EasyEat
Executive summary
A critical vulnerability has been identified in the AncoraThemes EasyEat software, assigned a severity score of 9.8 out of 10. This flaw allows an unauthenticated attacker to read sensitive files from the underlying server, such as configuration files containing passwords or private user data. Successful exploitation could lead to a complete compromise of the web server, resulting in significant data breaches and operational disruption.
Vulnerability
The vulnerability is a Local File Inclusion (LFI) flaw. The application fails to properly sanitize user-supplied input that is used to construct a file path for an include or require statement in its PHP code. An attacker can exploit this by crafting a malicious request that includes directory traversal sequences (e.g., ../) to navigate the server's file system and include arbitrary files, which are then rendered to the attacker. This can expose sensitive information, such as system user lists (/etc/passwd), application source code, and configuration files containing database credentials.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation of this flaw can lead to severe business consequences, including a full-scale data breach through the theft of sensitive corporate or customer information. An attacker could leverage exposed credentials to pivot deeper into the network, leading to a complete system compromise. The resulting reputational damage, financial loss from incident response, and potential regulatory fines for data exposure pose a significant risk to the organization.
Remediation
Immediate Action: Update AncoraThemes EasyEat to the latest version that addresses this vulnerability. After patching, monitor for any post-update exploitation attempts and review historical access logs for signs of compromise prior to the update.
Proactive Monitoring: Security teams should actively monitor web server access logs for requests containing directory traversal patterns (e.g., ../, ..%2f, %2e%2e%2f) in URL parameters. Implement intrusion detection system (IDS) or web application firewall (WAF) rules to detect and block LFI attack signatures. Monitor for any unusual file access patterns by the web server process.
Compensating Controls: If immediate patching is not feasible, implement the following controls:
- Deploy a Web Application Firewall (WAF) with a strict ruleset to block directory traversal and file inclusion attacks.
- Harden server permissions to ensure the web server's user account has read access only to the directories and files absolutely necessary for its operation.
- If possible, configure PHP settings (e.g., open_basedir) to restrict the locations from which files can be included.
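As an added example of the log monitoring recommended above (not code from the advisory or the vendor), the following script scans web server access lines in the common "combined" format, percent-decodes each request target repeatedly so that ../, ..%2f, %2e%2e%2f and double-encoded forms are all caught, and reports the requesting IP and response status for every hit. The log lines, the endpoint and the parameter name are constructed placeholders, not the actual EasyEat inclusion point.

```python
"""Added example: flag directory-traversal probes in web server access logs.
Sample lines are constructed; /index.php?template= is a placeholder, not the
real EasyEat file-inclusion endpoint."""
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)
# After decoding, a traversal step is ".." followed by a slash or backslash.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')


def fully_decode(s, max_rounds=3):
    """Undo percent-encoding repeatedly so %2e%2e%2f and %252e%252e%252f both become ../."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_traversal(target):
    """True if the decoded request target contains a directory traversal sequence."""
    return TRAVERSAL_RE.search(fully_decode(target)) is not None


def flag_traversal(lines):
    """Return (ip, status, raw target, decoded target) for each suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        raw = m.group('target')
        if is_traversal(raw):
            hits.append((m.group('ip'), m.group('status'), raw, fully_decode(raw)))
    return hits


SAMPLE_LOG = [  # constructed sample lines, plain, encoded, double-encoded, and two benign requests
    '203.0.113.5 - - [10/Jul/2025:12:00:01 +0000] "GET /index.php?template=../../../../etc/passwd HTTP/1.1" 200 1834 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jul/2025:12:00:02 +0000] "GET /index.php?template=..%2f..%2fconfig.php HTTP/1.1" 200 2210 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jul/2025:12:00:03 +0000] "GET /index.php?template=%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 199 "-" "curl/8.0"',
    '192.0.2.9 - - [10/Jul/2025:12:00:04 +0000] "GET /menu/?category=desserts HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jul/2025:12:00:05 +0000] "GET /assets/app..min.js HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, status, raw, decoded in flag_traversal(SAMPLE_LOG):
        print(f'{ip} {status} {raw} -> {decoded}')
```

A 200 response to a flagged request deserves the first look during the log review described above, since it suggests the inclusion succeeded rather than being blocked.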
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a critical risk to the organization and requires immediate attention. All instances of AncoraThemes EasyEat version 1.9.0 and earlier must be updated to the latest patched version immediately as the primary remediation step. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high severity score and the ease of exploitation make it a prime candidate for future inclusion. Due to the high potential for data exfiltration and full system compromise, patching should be considered the highest priority.