CVE-2018-14927

Name of the Vulnerable Software and Affected Versions Matera Banco version 1.0.0

Description The issue allows for path traversal, enabling access to system files outside the default application folder. This is achieved via the "file" parameter in the /contingency/servlet/ServletFileDownload endpoint, and is related to the /contingency/web/receiptQuery/receiptDisplay.jsp file.

Recommendations For Matera Banco version 1.0.0, as a temporary workaround, consider restricting access to the /contingency/servlet/ServletFileDownload endpoint and the related /contingency/web/receiptQuery/receiptDisplay.jsp file to minimize the risk of exploitation. Avoid using the file parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.