CVE-2019-10265

Name of the Vulnerable Software and Affected Versions Ahsay Cloud Backup Suite versions prior to 8.1.1.50

Description An issue was discovered that allows changing the directory in the JavaScript code on the "File Explorer" screen, accessible via the /cbs/system/ShowAdvanced.do endpoint. This enables browsing of the whole server if the directory is changed, for example, to "C:".

Recommendations For versions prior to 8.1.1.50, update to version 8.1.1.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the /cbs/system/ShowAdvanced.do endpoint to minimize the risk of exploitation.