A critical vulnerability has been identified in the thembay Greenmart software, rated 9.8 out of 10. This flaw allows an unauthenticated remote attacker to include and execute files on the server, potentially leading to a complete system compromise. Successful exploitation could result in data theft, malware installation, or the server being used for further malicious activities.

The vulnerability is an Improper Control of a Filename for an Include/Require Statement, commonly known as a Local File Inclusion (LFI). An attacker can manipulate an input parameter used by the application's PHP code to force it to include a file from the server's local filesystem. By crafting a request with directory traversal characters (e.g., ../), an attacker can read sensitive files (such as configuration files containing credentials or system files like /etc/passwd) or execute arbitrary code if they can control the contents of an included file (e.g., by poisoning a log file or uploading a malicious file).

This vulnerability is of critical severity with a CVSS score of 9.8, posing a significant and immediate threat to the business. A successful exploit could lead to a complete compromise of the web server, resulting in severe consequences such as the theft of sensitive customer data, financial information, or intellectual property. The attacker could also deploy ransomware, deface the website, or use the compromised server as a pivot point to attack other internal network resources, leading to major business disruption, reputational damage, and potential regulatory fines.

Immediate Action: Immediately update the thembay Greenmart software to the latest version available from the vendor (a version later than 4.2.11). After patching, actively monitor web server logs for any signs of exploitation attempts that may have occurred prior to remediation.

Proactive Monitoring: Security teams should monitor web server access logs for requests containing directory traversal patterns (e.g., ../, %2e%2e/) in URL parameters. Monitor for outbound network connections to unknown or suspicious IP addresses from the web server. File Integrity Monitoring (FIM) should be used to detect unauthorized changes to application files or the creation of new files in web-accessible directories.

Compensating Controls: If immediate patching is not feasible, the following controls can help mitigate risk:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block Local File Inclusion and directory traversal attacks.
• Harden PHP configurations by ensuring allow_url_include is set to Off.
• Enforce strict file system permissions to limit the web server process's ability to read files outside of the web root directory.

Public Exploit Available: false

Due to the critical severity (CVSS 9.8) of this vulnerability, immediate action is required. We strongly recommend that organizations patch all affected instances of thembay Greenmart without delay. While this vulnerability is not yet on the CISA KEV list, its potential for complete system compromise means it should be treated with the highest priority. If patching cannot be performed immediately, implement compensating controls, particularly a WAF, and actively hunt for indicators of compromise.