Pich4Ya

**Name of the Vulnerable Software and Affected Versions** ระบบบัญชีออนไลน์ Online Accounting System versions up to 1.4.0 **Description** A problematic issue affects the processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument `fid` with the input ../../../etc/passwd leads to path traversal. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 1.4.0, upgrade to version 2.0.0 to address this issue. As a temporary workaround, consider restricting access to the vulnerable file ckeditor/filemanager/browser/default/image.php until the upgrade is applied. Avoid using the argument `fid` with potentially malicious input in the affected file.