CVE-2018-25094 | ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 image.php fid path traversal

A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: ‘../filedir’.

The identification of this vulnerability is CVE-2018-25094. The attack needs to be done within the local network. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2018-25094 | ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 image.php fid path traversal

Post correlati

CVE-2024-3519 | Media Library Assistant Plugin up to 3.15 on WordPress lang cross site scripting

CVE-2023-7129 | code-projects Voting System 1.0 Voters Login voter sql injection

CVE-2024-22186 | Electrolink Compact DAB Transmitter cookie validation (icsa-24-107-02)

CVE-2024-36383 | Logpoint SAML Authentication up to 6.0.2 Filename state denial of service