CVE-2019-12314

Name of the Vulnerable Software and Affected Versions Deltek Maconomy version 2.2.5

Description The issue allows for local file inclusion via absolute path traversal. This can be achieved through the "WS.macx1.W MCS/" endpoint in the PATH INFO, as demonstrated by accessing a "cgi-bin/Maconomy/MaconomyWS.macx1.W MCS/etc/passwd" URI.

Recommendations For Deltek Maconomy version 2.2.5, consider restricting access to the "WS.macx1.W MCS/" endpoint to minimize the risk of exploitation. Avoid using absolute paths in the PATH INFO to prevent traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.