CVE-2019-17326

Name of the Vulnerable Software and Affected Versions ClipSoft REXPERT versions 1.0.0.527 and earlier

Description The issue allows a remote attacker to delete arbitrary files by issuing an HTTP GET request with a specially crafted parameter. This requires user interaction, where the target must visit a malicious web page.

Recommendations For ClipSoft REXPERT versions 1.0.0.527 and earlier, consider restricting access to the affected parameter until a fix is available. As a temporary workaround, avoid using the vulnerable parameter in HTTP GET requests to minimize the risk of exploitation.