Ste@Lth

**Name of the Vulnerable Software and Affected Versions** AR Web Content Manager (AWCM) version 2.2 **Description** The issue allows remote attackers to read arbitrary files and possibly have other unspecified impact. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the `awcm theme` or `awcm lang` cookie to access "index.php" or "header.php" API endpoints. **Recommendations** For AR Web Content Manager (AWCM) version 2.2, as a temporary workaround, consider restricting access to the `awcm theme` and `awcm lang` cookies to minimize the risk of exploitation. Additionally, restrict access to the "index.php" and "header.php" API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.