Zetha

**Name of the Vulnerable Software and Affected Versions** CaLogic versions 1.22 and earlier **Description** The issue allows remote attackers to obtain sensitive information via a direct request to several API endpoints, including "doclsqlres.php", "clmcpreload.php", "viewhistlog.php", "mcconfig.php", "doclsqlbak.php", "defcalsel.php", or "cl minical.php". These endpoints reveal the path in an error message, potentially exposing sensitive information. **Recommendations** For CaLogic versions 1.22 and earlier, as a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Avoid making direct requests to these endpoints to minimize the risk of exploitation.