Unknown · Audiobookshelf · CVE-2024-43797
**Name of the Vulnerable Software and Affected Versions**
Audiobookshelf versions prior to 2.13.0
**Description**
Audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries and may only access the libraries they have been granted permission to. However, the `LibraryController` is missing the check that the requesting user is an admin, so library operations that accept filesystem paths are reachable by non-admin users. This turns into a path traversal issue: a non-admin user can write to any directory on the system, an operation that is meant to be restricted to admin accounts. The root cause is therefore a missing authorization check, i.e. a Role-Based Access Control (RBAC) failure, rather than a flaw in path handling alone. The issue has been addressed in release version 2.13.0.
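To make the missing check concrete, the following is an added example and not Audiobookshelf's own code. It models a library-creation handler in two shapes: the vulnerable one, where any authenticated user reaches the code path and the supplied folder paths are stored unchanged, and a hardened one that gates on an admin role first and then canonicalises and confines the folder paths. The role names (`root`, `admin`, `user`), the `librariesAccessible` field, the request shape and the `allowedRoots` confinement are assumptions made for illustration; the real project's field names and fix may differ.

```javascript
// Added example, not Audiobookshelf's code. Role names, the user shape,
// the request body layout and the allowedRoots confinement are assumptions.

// Roles permitted to create or edit libraries (assumed role names).
const ADMIN_ROLES = new Set(['root', 'admin']);

function isAdminOrUp(user) {
  return Boolean(user) && ADMIN_ROLES.has(user.type);
}

// Collapse '.', '..' and empty segments of an absolute POSIX path so that
// '/srv/media/../../etc' becomes '/etc' before any containment check runs.
// Returns null for anything that is not an absolute path.
function canonicalise(p) {
  if (typeof p !== 'string' || !p.startsWith('/')) return null;
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { out.pop(); continue; }
    out.push(seg);
  }
  return '/' + out.join('/');
}

// True when `resolved` (already canonical) is `root` or lies below it.
function isInsideRoot(resolved, root) {
  const r = canonicalise(root);
  if (r === null) return false;
  return resolved === r || resolved.startsWith(r === '/' ? '/' : r + '/');
}

// Vulnerable shape: authentication is checked, authorization is not, and the
// folder paths from the request are stored as-is. This reconstructs the
// pattern the advisory describes (missing admin check); it is not the
// project's code.
function createLibraryVulnerable(user, body, store) {
  if (!user) return { status: 401 };
  const library = {
    id: store.length + 1,
    name: body.name,
    folders: (body.folders || []).map((f) => f.fullPath),
  };
  store.push(library);
  return { status: 200, library };
}

// Hardened shape: reject non-admins before reading the payload, then
// canonicalise every folder and confine it to configured roots.
function createLibraryHardened(user, body, store, allowedRoots) {
  if (!user) return { status: 401 };
  if (!isAdminOrUp(user)) return { status: 403, error: 'admin only' };
  const folders = [];
  for (const f of body.folders || []) {
    const resolved = canonicalise(f && f.fullPath);
    if (resolved === null) return { status: 400, error: 'folder path must be absolute' };
    if (!allowedRoots.some((root) => isInsideRoot(resolved, root))) {
      return { status: 400, error: `folder outside allowed roots: ${resolved}` };
    }
    folders.push(resolved);
  }
  const library = { id: store.length + 1, name: body.name, folders };
  store.push(library);
  return { status: 200, library };
}

// Read side of the same RBAC rule: non-admins only see libraries they were
// granted (assumed `librariesAccessible` list of library ids).
function canAccessLibrary(user, libraryId) {
  if (!user) return false;
  if (isAdminOrUp(user)) return true;
  return Array.isArray(user.librariesAccessible) && user.librariesAccessible.includes(libraryId);
}

// Constructed demo input: a non-admin tries to register a library whose
// folder resolves to /etc. Returns the status codes so they can be checked.
function demo() {
  const nonAdmin = { type: 'user', librariesAccessible: [1] };
  const admin = { type: 'admin' };
  const attack = { name: 'pwn', folders: [{ fullPath: '/srv/media/../../etc' }] };
  const vulnerableStore = [];
  const hardenedStore = [];
  const roots = ['/srv/media'];
  return {
    vulnerable: createLibraryVulnerable(nonAdmin, attack, vulnerableStore).status,
    hardenedNonAdmin: createLibraryHardened(nonAdmin, attack, hardenedStore, roots).status,
    hardenedAdminTraversal: createLibraryHardened(admin, attack, hardenedStore, roots).status,
    hardenedAdminOk: createLibraryHardened(
      admin, { name: 'books', folders: [{ fullPath: '/srv/media/books' }] }, hardenedStore, roots,
    ).status,
    nonAdminReadsOwn: canAccessLibrary(nonAdmin, 1),
    nonAdminReadsOther: canAccessLibrary(nonAdmin, 2),
  };
}
```

The point of the ordering in `createLibraryHardened` is that the role check comes before any path is touched: in the vulnerable shape the non-admin request succeeds and a library pointing at `/etc` is recorded, whereas the hardened handler returns 403 for the same request and, for an admin, still rejects a folder that canonicalises outside the configured roots. The containment check is defence in depth layered on top of the authorization fix, not a substitute for it.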
**Recommendations**
Upgrade to version 2.13.0 or later. There are no known workarounds for this vulnerability other than upgrading to the fixed version. Until the upgrade is applied, note that exploitation requires an authenticated non-admin account, so limiting who holds an account on the instance reduces, but does not remove, the exposure.