Neojapan · Neojapan Desknet Neo · CVE-2015-2990
**Name of the Vulnerable Software and Affected Versions**
NEOJAPAN desknet NEO versions 2.0R1.0 through 2.5R1.4
**Description**
A directory traversal issue exists in zhtml.cgi, allowing remote authenticated users to read arbitrary files by providing a crafted parameter.
**Recommendations**
For versions 2.0R1.0 through 2.5R1.4, consider restricting access to the zhtml.cgi script until a fix is available. As a temporary workaround, avoid using crafted parameters that could exploit the directory traversal issue in zhtml.cgi.