A vulnerability classified as problematic was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0. The issue affects unspecified processing in the file ckeditor/filemanager/browser/default/image.php. Manipulating the argument fid with the input
../../../etc/passwd
leads to path traversal: ‘../filedir’.
This vulnerability is identified as CVE-2018-25094. The attack must be carried out from within the local network. Furthermore, an exploit is available.
It is recommended to upgrade the affected component.
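
Until the upgrade is in place, web server logs can be checked for traversal-style values in the fid argument of the affected script. The following is an added example, not code from the advisory or from the project; it assumes combined-format access logs, and the "/acc" URL prefix and all log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Script path and parameter name as given in the advisory.
AFFECTED_SCRIPT = "ckeditor/filemanager/browser/default/image.php"
PARAM = "fid"
# Assumption: the web server writes combined-format access logs.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so nested encoding is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value has a '..' segment or is an absolute path."""
    norm = fully_decode(value).replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/")

def suspicious_requests(log_lines):
    """Return (line_number, decoded fid) for traversal-style fid values."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not fully_decode(url.path).endswith(AFFECTED_SCRIPT):
            continue
        # parse_qs decodes once; fully_decode handles any further layers.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                hits.append((lineno, fully_decode(value)))
    return hits

# Constructed sample log lines (not real traffic); the "/acc" prefix is assumed.
P = "/acc/" + AFFECTED_SCRIPT
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {P}?fid=42 HTTP/1.1" 200 512',
    f'192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET {P}?fid=../../../etc/passwd HTTP/1.1" 200 1843',
    f'192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET {P}?fid=%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /acc/index.php?fid=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

A hit with a 200 status and a response size unlike normal image responses is worth following up first.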