Cashbook · Cashbook · CVE-2025-27980
**Name of the Vulnerable Software and Affected Versions**
cashbook version 4.0.3
**Description**
cashbook 4.0.3 has an arbitrary file read vulnerability in the `/api/entry/flow/invoice/show?invoice=` API endpoint. The affected input is the `invoice` parameter.
**Recommendations**
For version 4.0.3, consider restricting access to the `/api/entry/flow/invoice/show?invoice=` API endpoint until a patch is available. As a temporary workaround, avoid using the `invoice` parameter in the affected API endpoint.
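While the endpoint is restricted, past requests to it are worth reviewing. The following is an added example, not code from cashbook or from this advisory: it triages access-log lines for requests to `/api/entry/flow/invoice/show` whose `invoice` value is not a bare file name, decoding repeatedly so double-encoded values are caught. The combined-log format, the file-name policy, the function names and the sample lines are all assumptions constructed for illustration.

```javascript
// Added example (not cashbook code). Log format and name policy are assumptions.
const ENDPOINT = "/api/entry/flow/invoice/show"; // path taken from the advisory

// Assumed policy: a legitimate value is a bare file name such as "receipt-01.png".
const PLAIN_NAME = /^[A-Za-z0-9][A-Za-z0-9_-]*(\.[A-Za-z0-9]+)+$/;

// Constructed sample lines (documentation IP ranges, invented file names).
const SAMPLE_LOG = [
  '192.0.2.10 - - [01/Mar/2025:10:00:00 +0000] "GET /api/entry/flow/invoice/show?invoice=20250301-receipt.png HTTP/1.1" 200 5120',
  '192.0.2.10 - - [01/Mar/2025:10:00:05 +0000] "GET /api/entry/flow/list HTTP/1.1" 200 812',
  '198.51.100.7 - - [01/Mar/2025:10:02:11 +0000] "GET /api/entry/flow/invoice/show?invoice=archive%2Fq1.pdf HTTP/1.1" 200 2048',
  '198.51.100.7 - - [01/Mar/2025:10:02:12 +0000] "GET /api/entry/flow/invoice/show?invoice=archive%252Fq1.pdf HTTP/1.1" 200 2048',
].join("\n");

// Percent-decode until stable so double-encoded values are judged on their final form.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { return null; } // malformed escape
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns null for lines that are not requests to ENDPOINT, otherwise a verdict object.
function classifyLine(line) {
  const m = /"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/.exec(line);
  if (!m) return null;
  let url;
  try { url = new URL(m[1], "http://placeholder.invalid"); } catch { return null; }
  if (url.pathname !== ENDPOINT) return null;
  const values = url.searchParams.getAll("invoice"); // already decoded once
  if (values.length !== 1) return { verdict: "review", reason: "missing or repeated invoice", value: null };
  const decoded = fullyDecode(values[0]);
  if (decoded === null || !PLAIN_NAME.test(decoded)) {
    return { verdict: "review", reason: "not a bare file name", value: decoded };
  }
  return { verdict: "ok", reason: "", value: decoded };
}

// Keep only the requests an analyst should look at.
function triage(logText) {
  return logText.split("\n").map(classifyLine).filter((r) => r !== null && r.verdict === "review");
}

console.log(triage(SAMPLE_LOG));
```

A "review" verdict only means the value falls outside the assumed naming policy; adjust `PLAIN_NAME` to match how invoice files are actually named in your deployment.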