A high-severity vulnerability has been identified in multiple DevsBlink EduBlink products, specifically within the EduBlink Core component. This flaw, a Local File Inclusion (LFI), could allow an unauthenticated attacker to read sensitive files from the underlying server by manipulating file paths in a web request. Successful exploitation could lead to the exposure of critical data, such as configuration files, user credentials, and application source code.

The vulnerability exists due to improper input validation on filenames used in PHP include or require statements within the edublink-core component. An attacker can exploit this by crafting a request that includes directory traversal sequences (e.g., ../). This tricks the application into including a local file from the server's filesystem, exposing its contents within the HTTP response and potentially leading to sensitive information disclosure.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could result in a significant data breach, exposing confidential information stored on the web server. This includes database credentials, API keys, system configuration files, and proprietary source code. Such a breach could facilitate further attacks, lead to a full system compromise, cause operational disruption, and result in severe reputational damage and potential regulatory fines.

Immediate Action: Apply the security updates provided by DevsBlink immediately across all affected systems to patch the vulnerability. In parallel, security teams should actively monitor for any signs of exploitation attempts by reviewing web server and application access logs for suspicious patterns.

Proactive Monitoring: Monitor web server access logs for requests containing directory traversal characters (e.g., ../, ..%2f, %2e%2e%2f) in URL parameters associated with the EduBlink application. Implement alerting for attempts to access common sensitive files such as /etc/passwd, /proc/self/environ, or application-specific configuration files (e.g., .env, wp-config.php).

Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block Local File Inclusion and directory traversal attack patterns. Additionally, ensure the web server process runs with the lowest possible privileges and is restricted from reading sensitive files outside of the web root directory.

Public Exploit Available: false

Given the High severity rating (CVSS 7.5) and the potential for sensitive data exposure, it is strongly recommended that organizations prioritize the immediate application of the vendor-supplied security patch. Although this vulnerability is not currently listed on the CISA KEV list, its nature makes it an attractive target for attackers. Organizations should treat this as a critical issue and implement the recommended remediation and monitoring actions without delay to mitigate the risk of a data breach.