CVE-2017-17992

Name of the Vulnerable Software and Affected Versions Biometric Shift Employee Management System (affected versions not specified)

Description The issue allows for Arbitrary File Download via directory traversal sequences. This is achieved by manipulating the form file name parameter in a download form action within the index.php file.

Recommendations As a temporary workaround, consider restricting access to the download form action in index.php to minimize the risk of exploitation. Avoid using the form file name parameter in the affected index.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.