A high-severity vulnerability has been identified in the Thembay Nika product, which could allow an attacker to read sensitive files on the server. By exploiting this flaw, an unauthorized individual could access system configuration files, user data, or other confidential information, potentially leading to a full system compromise. Immediate patching is required to mitigate the significant risk to data confidentiality and system integrity.

The vulnerability is a Local File Inclusion (LFI) flaw resulting from the improper sanitization of user-supplied input used in PHP include or require statements. An attacker can manipulate input parameters, typically using directory traversal sequences (e.g., ../), to force the application to include and execute or display arbitrary local files from the server's file system. Successful exploitation can lead to the disclosure of sensitive information, such as configuration files containing credentials, or potentially achieve remote code execution if the attacker can control the content of an included file (e.g., by poisoning a log file).

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could have a significant negative impact on the organization, leading to the breach of sensitive data, including customer information, intellectual property, and system credentials. This exposure could result in severe reputational damage, financial loss, and potential regulatory fines for non-compliance with data protection standards. If an attacker leverages this LFI to achieve code execution, it could lead to a complete compromise of the affected server, providing a foothold for further attacks within the network.

Immediate Action: Apply the security updates provided by the vendor immediately to patch the vulnerability. Before and after patching, closely monitor web server access logs and application logs for any signs of exploitation attempts, such as requests containing directory traversal patterns or attempts to access common system files.

Proactive Monitoring: Implement monitoring and alerting for suspicious activity in web server logs. Specifically, look for URL patterns containing ../, %2e%2e/, or absolute file paths (e.g., /etc/passwd, C:\boot.ini). Monitor for unexpected outbound network connections from the web server and any unusual processes spawned by the web server's user account, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules designed to detect and block LFI and directory traversal attack patterns. Additionally, harden the server's file system permissions to restrict the web server process from reading sensitive files outside of its root directory. Ensure PHP configurations like allow_url_include are disabled to prevent related remote file inclusion attacks.

Public Exploit Available: false

Given the High severity (CVSS 7.5) of this vulnerability and its potential for severe data compromise, it is imperative that the organization prioritizes immediate remediation. All affected instances of Thembay Nika must be patched without delay by applying the vendor-supplied security updates. While this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical nature warrants an urgent response to prevent opportunistic or targeted attacks that could lead to a significant security incident.