Unknown · Processmaker · CVE-2021-47978
**Name of the Vulnerable Software and Affected Versions**
ProcessMaker version 3.5.4
**Description**
Improper path traversal validation allows unauthenticated attackers to read arbitrary files. By sending requests containing directory traversal sequences, an attacker can access sensitive system files, such as '/etc/passwd'.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.