Vuln ID: TP-014
Title: Path Traversal - Wine Export
Severity: high
Type: Path Traversal
HTTP Method: GET
URL: /wines/export/:filename
Parameter: filename
Filename: -
Code Location: backend/api/controllers/WineController.php line 79

Description

The wine export endpoint serves files from an exports directory but does not sanitize the filename parameter. Because the parameter is joined directly into the file path, directory traversal sequences escape the exports directory and allow reading arbitrary files on the server.

Proof of Concept

GET /wines/export/../../api/config/jwt.php (leaks JWT secret)
GET /wines/export/../../database.db (leaks entire database)

Remediation

Use basename() to strip directory traversal sequences from the filename, or resolve the requested path with realpath() and verify that the result stays within the exports base directory before serving it.
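The following is an added example of both remediation patterns, written here for illustration and not taken from the project's WineController.php. The function names (resolveExportPath, exportAction), the exports directory location and the self-check data are assumed.

```php
<?php
// Added example (not the project's WineController code): two remediation
// patterns for the export endpoint. Directory and function names are assumed.

declare(strict_types=1);

/**
 * Resolve a user-supplied export filename to a path inside $exportsDir.
 * Returns the canonical absolute path on success, or null if the request
 * must be rejected.
 */
function resolveExportPath(string $exportsDir, string $requested): ?string
{
    // Pattern 1: collapse the input to its final path component. This drops any
    // "../" or "/" prefix, so "../../api/config/jwt.php" becomes "jwt.php".
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }

    // Pattern 2 (defence in depth): canonicalise both sides with realpath() and
    // verify the resolved file is still under the exports directory. realpath()
    // follows symlinks and returns false for paths that do not exist.
    $base = realpath($exportsDir);
    $candidate = realpath($exportsDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $candidate === false) {
        return null;
    }
    // Compare against the base path plus a separator so a sibling directory such
    // as "/var/exports-private" is not accepted as a child of "/var/exports".
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    if (!is_file($candidate)) {
        return null;
    }
    return $candidate;
}

// Hypothetical controller action wired to GET /wines/export/:filename.
function exportAction(string $filename): void
{
    $exportsDir = __DIR__ . '/../../exports'; // assumed location of the exports directory
    $path = resolveExportPath($exportsDir, $filename);
    if ($path === null) {
        // Do not reveal whether the rejection was traversal or a missing file.
        http_response_code(404);
        echo 'Export not found';
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . rawurlencode(basename($path)) . '"');
    readfile($path);
}

// Self-check with a constructed temporary directory so the example runs stand-alone.
function check(bool $condition, string $message): void
{
    if (!$condition) {
        throw new RuntimeException('check failed: ' . $message);
    }
}

$tmp = sys_get_temp_dir() . '/exports_' . bin2hex(random_bytes(4));
mkdir($tmp, 0700);
file_put_contents($tmp . '/report.csv', "id,name\n1,Merlot\n"); // constructed sample export

check(resolveExportPath($tmp, 'report.csv') === realpath($tmp . '/report.csv'), 'legitimate export resolves');
check(resolveExportPath($tmp, '../../api/config/jwt.php') === null, 'traversal to config is rejected');
check(resolveExportPath($tmp, '../../database.db') === null, 'traversal to database is rejected');
check(resolveExportPath($tmp, '..') === null, 'bare parent reference is rejected');
check(resolveExportPath($tmp, 'missing.csv') === null, 'non-existent export is rejected');

unlink($tmp . '/report.csv');
rmdir($tmp);
echo "all checks passed\n";
```

The two patterns are complementary: basename() removes the traversal sequences from the input, while the realpath() containment check catches anything that still resolves outside the exports directory (for example a symlink placed inside it). Returning the same 404 for rejected and missing files avoids turning the endpoint into a file-existence oracle.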