A high-severity vulnerability has been identified in multiple ThemeMove Businext products, which could allow an unauthenticated attacker to read sensitive files from the underlying server. Successful exploitation could lead to the exposure of confidential data, such as website credentials and system configuration files. Organizations are urged to apply the vendor-supplied security update immediately to mitigate the risk of a data breach.

The vulnerability is a Local File Inclusion (LFI) flaw due to an improper control of filenames used in PHP's include or require statements. An attacker can exploit this by manipulating an input parameter to force the application to include and display the contents of arbitrary files on the server's local filesystem. For example, an attacker could craft a request to read sensitive files like wp-config.php (containing database credentials) or system files like /etc/passwd.

This vulnerability is rated as High severity with a CVSS score of 8.2. Exploitation could lead to significant business impact, including the compromise of sensitive corporate data, customer information, and intellectual property. The exposure of credentials could allow an attacker to gain deeper access to the network, potentially leading to a full system compromise. The resulting data breach could cause severe reputational damage, regulatory fines, and financial loss.

Immediate Action: Apply the security updates provided by ThemeMove to all affected products without delay. After patching, it is critical to monitor web server access logs and application logs for any signs of attempted or successful exploitation that may have occurred prior to remediation.

Proactive Monitoring: System administrators should actively monitor web server logs for suspicious requests containing directory traversal patterns (e.g., ../, ..\/) or requests attempting to access common sensitive file paths. Implementing file integrity monitoring (FIM) on critical application and system files can help detect unauthorized access or changes.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically configured to detect and block LFI and directory traversal attack patterns. Additionally, harden the server's PHP configuration by ensuring allow_url_include is disabled and restricting file system access with the open_basedir directive to prevent the application from accessing unauthorized file paths.

Public Exploit Available: false

Given the high CVSS score of 8.2 and the potential for sensitive data exposure, we strongly recommend that organizations prioritize the immediate application of the vendor-provided security patches. Although this vulnerability is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its severity makes it an attractive target for threat actors. Proactive patching is the most effective defense to prevent potential compromise and subsequent data breaches.