A high-severity vulnerability has been identified in multiple immonex products, specifically impacting the Kickstart Team software. This flaw, a Local File Inclusion (LFI), could allow an unauthenticated attacker to trick the application into accessing and potentially executing unauthorized files on the server. Successful exploitation could lead to sensitive data disclosure, information leakage, or a complete compromise of the affected server.

The vulnerability is an Improper Control of a Filename for an Include/Require Statement in a PHP program, commonly known as Local File Inclusion (LFI). An attacker can manipulate an input parameter, likely within a URL, to specify a path to a file on the local server. The vulnerable application fails to properly sanitize this input, causing it to include and process the specified file, which could result in the disclosure of its contents or, under certain conditions, execution of code contained within the file.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could have a significant business impact by exposing sensitive corporate or customer data stored on the server, such as configuration files containing database credentials, system passwords, or proprietary application code. This breach of confidentiality and integrity could lead to further system compromise, reputational damage, regulatory fines, and financial loss.

Immediate Action: The primary remediation is to apply the security updates provided by immonex immediately across all affected systems. After patching, system administrators should review web server and application access logs for any signs of exploitation attempts that may have occurred prior to the update.

Proactive Monitoring: Implement continuous monitoring of web server logs, specifically looking for suspicious URL patterns containing directory traversal sequences (e.g., ../, ..%2f, ..\\) or requests for sensitive system files (e.g., /etc/passwd, C:\Windows\win.ini). Monitor for any unusual file read operations by the web server process or unexpected outbound network traffic from the affected servers.

Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:

• Deploy a Web Application Firewall (WAF) with rules designed to detect and block LFI attack patterns.
• Harden the server's PHP configuration by restricting file access with the open_basedir directive to prevent the application from accessing files outside of its intended directories.
• Enforce the principle of least privilege by ensuring the web server's user account has restrictive read/write permissions on the filesystem.

Public Exploit Available: false

Given the high severity (CVSS 7.5) of this vulnerability, immediate action is required. Organizations must prioritize the deployment of vendor-supplied patches to all affected immonex products. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential for sensitive data exposure and system compromise presents a significant risk. We strongly recommend applying the security updates without delay and implementing the proactive monitoring measures outlined above to ensure system integrity.