A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects unspecified processing in the file ckeditor/filemanager/browser/default/image.php. Manipulating the argument fid with the input ../../../etc/passwd leads to path traversal: ‘../filedir’.

This vulnerability is identified as CVE-2018-25094. The attack must be carried out from within the local network. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.
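
Requests that match the pattern described above can be found in web server access logs. The following check is an added example, not part of the original advisory or of the product's code; it assumes combined-format access logs, and the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path named in the advisory; matched as a suffix so any install prefix works.
TARGET = "ckeditor/filemanager/browser/default/image.php"

# Constructed sample lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /ckeditor/filemanager/browser/default/image.php?fid=12 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /ckeditor/filemanager/browser/default/image.php?fid=../../../etc/passwd HTTP/1.1" 200 1843
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /app/ckeditor/filemanager/browser/default/image.php?fid=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /ckeditor/filemanager/browser/default/image.php?fid=..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 404 0
192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?page=../about HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %252f and %2f both end up as '/'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(fid):
    """True if any path segment of the decoded fid is exactly '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(fid))

def find_traversal_requests(log_text):
    """Return (client, decoded_fid, status) for requests to TARGET whose fid traverses."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, url, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(url)
        if not parts.path.endswith("/" + TARGET):
            continue
        for fid in parse_qs(parts.query, keep_blank_values=True).get("fid", []):
            if is_traversal(fid):
                hits.append((client, fully_decode(fid), status))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 is worth prioritising over a 404, since it indicates the server returned content for the traversing request.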