PT-2023-10832 · Unknown+1 · Online Accounting System+1

Pich4Ya · Published 2023-12-03 · Updated 2024-05-17 · CVE-2018-25094

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ระบบบัญชีออนไลน์ Online Accounting System, versions up to 1.4.0

Description: A vulnerability affects the processing of the file ckeditor/filemanager/browser/default/image.php. Manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal. The exploit has been disclosed to the public and may be used.

Recommendations: For versions up to 1.4.0, upgrade to version 2.0.0 to address this issue. As a temporary workaround, restrict access to the vulnerable file ckeditor/filemanager/browser/default/image.php until the upgrade is applied, and do not pass untrusted input through the argument fid in the affected file.
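Added example, not code from the advisory or from the Online Accounting System project: a Python rendering of the missing check (the fid value must resolve to a path strictly inside the file-manager upload directory), plus a small detector that flags access-log requests to image.php whose fid would escape that directory. The web root, upload directory and log lines are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Constructed example values; the real deployment paths are not given in the advisory.
WEBROOT = "/var/www/app"
UPLOAD_DIR = posixpath.join(WEBROOT, "ckeditor", "filemanager", "files")
IMAGE_PHP = "/ckeditor/filemanager/browser/default/image.php"

# Constructed Common Log Format lines: one benign request, two traversal
# attempts (plain and URL-encoded) against image.php, one unrelated request.
ACCESS_LOG = [
    '203.0.113.7 - - [03/Dec/2023:10:00:01 +0000] "GET ' + IMAGE_PHP + '?fid=logo.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [03/Dec/2023:10:00:02 +0000] "GET ' + IMAGE_PHP + '?fid=../../../etc/passwd HTTP/1.1" 200 1830',
    '203.0.113.7 - - [03/Dec/2023:10:00:03 +0000] "GET ' + IMAGE_PHP + '?fid=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1830',
    '198.51.100.4 - - [03/Dec/2023:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 840',
]


def resolve_fid(fid: str, base_dir: str = UPLOAD_DIR):
    """Resolve an already URL-decoded fid against base_dir.

    Returns the normalised absolute path when it lies strictly beneath
    base_dir, or None when it escapes (../ sequences, absolute paths, or
    an empty name that would point at the directory itself).
    """
    base = posixpath.normpath(base_dir)
    # join() discards base when fid is absolute; normpath collapses "..".
    candidate = posixpath.normpath(posixpath.join(base, fid))
    if not candidate.startswith(base + "/"):
        return None
    return candidate


def flag_traversal_requests(log_lines):
    """Return log lines requesting image.php with a fid that resolve_fid rejects."""
    hits = []
    for line in log_lines:
        try:
            # The quoted request field is "METHOD /path?query HTTP/x.y".
            target = line.split('"')[1].split(" ")[1]
        except IndexError:
            continue
        parts = urlsplit(target)
        if not parts.path.endswith(IMAGE_PHP):
            continue
        # parse_qs percent-decodes values, so encoded "../" is caught too.
        for fid in parse_qs(parts.query).get("fid", []):
            if resolve_fid(fid) is None:
                hits.append(line)
                break
    return hits
```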

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2018-25094

Affected products

Ckeditor
Online Accounting System