A critical vulnerability has been identified in the Nawawi Jamili Docket Cache software, rated with a CVSS score of 9.8. This flaw allows an unauthenticated remote attacker to include and execute arbitrary files on the server, potentially leading to a full system compromise, data theft, and installation of malicious software. Due to the critical severity and ease of exploitation, immediate remediation is strongly advised.

The vulnerability is a Local File Inclusion (LFI) flaw resulting from the improper sanitization of user-supplied input used in PHP's include or require statements. An attacker can craft a malicious request to manipulate the path of a file being included by the application. This allows them to read sensitive files from the server's local filesystem, such as configuration files containing credentials (wp-config.php), system user information (/etc/passwd), or application source code. In certain configurations, this LFI can be escalated to Remote Code Execution (RCE) by tricking the application into including a file containing attacker-controlled PHP code, such as a poisoned log file or a previously uploaded file.

With a critical severity rating and a CVSS score of 9.8, this vulnerability poses a severe and immediate threat to the business. Successful exploitation can lead to a complete compromise of the affected web server's confidentiality, integrity, and availability. Potential consequences include a major data breach of sensitive corporate or customer information, financial loss, reputational damage, and regulatory penalties. If escalated to code execution, an attacker could use the compromised server as a pivot point to launch further attacks against the internal network, install ransomware, or use the server in a botnet.

Immediate Action: Immediately update the Nawawi Jamili Docket Cache software to a version later than 24.07.03, as recommended by the vendor. After patching, it is crucial to monitor for any signs of post-compromise activity by reviewing web server access logs and system logs for suspicious requests or unauthorized changes that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced monitoring on affected web servers. Specifically, search web server access logs for requests containing directory traversal patterns (e.g., ../, ..\/), absolute file paths, and PHP filter wrappers (e.g., php://filter). Monitor system processes for unusual activity originating from the web server's user account (e.g., www-data, apache).

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict rules designed to detect and block Local File Inclusion attempts. Additionally, harden the server's PHP configuration by disabling allow_url_include and restricting file system access for the web server user with open_basedir. These controls can reduce the risk but should be considered temporary measures until patching is complete.

Public Exploit Available: false

Given the critical CVSS score of 9.8, this vulnerability must be treated with the highest priority. All organizations using the affected versions of Docket Cache are urged to apply the necessary security updates immediately to prevent a potential system compromise. Although this CVE is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its severity makes it a prime candidate for future inclusion and widespread exploitation. Do not delay remediation.