CVE-2018-19512

Name of the Vulnerable Software and Affected Versions Webgalamb versions prior to 7.0

Description A directory traversal vulnerability in system/ajax.php could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. The issue is related to the "wgmfile restore" functionality.

Recommendations For versions prior to 7.0, consider restricting access to the system/ajax.php endpoint, specifically the "wgmfile restore" functionality, until a patch is available. As a temporary workaround, avoid using the "wgmfile restore" feature to minimize the risk of exploitation.