Thruk · Thruk · CVE-2023-34096
**Name of the Vulnerable Software and Affected Versions**
Thruk versions 3.06 and prior
**Description**
The issue concerns a Path Traversal vulnerability in the `panorama.pm` file, which allows an attacker to upload a file to any folder with write permissions on the affected system. The `location` parameter is not filtered, validated, or sanitized, accepting any characters. For a path traversal attack, only the dot (`.`) and the slash (`/`) characters are required.
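The check that the `location` parameter lacks can be sketched as follows. This is an added example, not Thruk's code or its patch, and it is written in Python rather than Thruk's Perl. It resolves the requested location under a fixed upload root and rejects anything that lands outside it. The function names, the `uploads` root and the sample inputs are assumptions constructed for illustration.

```python
import os
import tempfile


def resolve_upload_dir(base_dir, location):
    """Return the real path of base_dir/location; raise ValueError if it escapes base_dir."""
    if not location or "\x00" in location:
        raise ValueError("empty location or NUL byte")
    if os.path.isabs(location):
        raise ValueError("absolute path not allowed")
    base = os.path.realpath(base_dir)
    # realpath collapses "." and ".." segments and follows symlinks, so the
    # comparison below is made on the directory the write would really hit.
    target = os.path.realpath(os.path.join(base, location))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("location escapes upload root")
    return target


def is_allowed(base_dir, location):
    """Boolean wrapper around resolve_upload_dir for filtering requests."""
    try:
        resolve_upload_dir(base_dir, location)
        return True
    except ValueError:
        return False


def demo():
    """Evaluate constructed sample locations against a throwaway upload root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")          # hypothetical upload root
        os.makedirs(os.path.join(root, "dashboards"))
        # Constructed symlink inside the root that points outside of it.
        os.symlink(tmp, os.path.join(root, "link"))
        samples = [
            "dashboards",
            "dashboards/../dashboards",
            "../",
            "dashboards/../../etc",
            "/etc",
            "link/x",
            "a\x00b",
        ]
        return {s: is_allowed(root, s) for s in samples}


if __name__ == "__main__":
    for loc, ok in demo().items():
        print(f"{loc!r:32} {'accept' if ok else 'reject'}")
```

Comparing resolved paths, rather than searching the string for `..`, is what catches the symlink case as well as the dot and slash sequences.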
**Recommendations**
For Thruk versions 3.06 and prior, update to version 3.06.2 to resolve the issue.
As a temporary workaround, consider restricting access to the `panorama.pm` file until a patch is applied.