Nltt0

**Name of the Vulnerable Software and Affected Versions** Boss Mini version 1.4.0 Build 6221 **Description** A critical issue affects an unknown part of the file boss/servlet/document, where the manipulation of the `path` argument leads to file inclusion. This can be initiated remotely. **Recommendations** For Boss Mini version 1.4.0 Build 6221, consider restricting access to the affected file boss/servlet/document to minimize the risk of exploitation. As a temporary workaround, avoid using the `path` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.