CVE-2023-4172

Name of the Vulnerable Software and Affected Versions Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0

Description A problematic issue has been found in the system, affecting the file ServiceFileHandler.ashx. The manipulation of the FileDirectory argument leads to absolute path traversal. The attack can be initiated remotely.

Recommendations For version 2.0, consider restricting access to the FileHandler.ashx file to minimize the risk of exploitation. As a temporary workaround, avoid using the FileDirectory argument in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.