CVE-2022-46306

Name of the Vulnerable Software and Affected Versions ChangingTec ServiSign (affected versions not specified)

Description The issue is related to a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, triggering the component to load malicious DLL files under an arbitrary file path. This allows the attacker to perform arbitrary system operations and disrupt service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.