PT-2021-21120 · Unknown · Echo Sharecare

Nick Nam +1

Published: 2021-07-13 · Updated: 2021-07-15

CVE-2021-36123

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Echo ShareCare version 8.15.5
Description: An issue was discovered in the TextReader feature, specifically in General/TextReader/TextReader.cfm, which is susceptible to a local file inclusion vulnerability. The endpoint passes remote input from the textFile parameter, supplied by an authenticated user, to the file system without adequate validation, allowing that user to read arbitrary files on the server file system as well as any file reachable via Universal Naming Convention (UNC) paths.
Recommendations: For Echo ShareCare version 8.15.5, consider disabling the TextReader feature or restricting which values the textFile parameter of the General/TextReader/TextReader.cfm endpoint may take until a patch is available. Additionally, restrict access to sensitive files and directories on the server to minimize the impact of exploitation.
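The recommendation above amounts to confining the textFile value to one directory and rejecting UNC, absolute and traversal paths. The following is an added example, not code from Echo ShareCare or from this advisory, showing such a validator together with a small log check that flags historical requests the validator would have refused; TEXT_ROOT, the log format and the sample log lines are constructed assumptions.

```python
import posixpath
from urllib.parse import parse_qs, urlsplit

# Hypothetical directory the TextReader feature should serve from (not from the advisory).
TEXT_ROOT = "/opt/sharecare/textreader"

class UnsafePath(ValueError):
    """Raised when a textFile value would resolve outside TEXT_ROOT."""

def resolve_text_file(user_value: str, root: str = TEXT_ROOT) -> str:
    """Map an untrusted textFile value to a path strictly inside root, or raise."""
    if not user_value or "\x00" in user_value:
        raise UnsafePath("empty name or NUL byte")
    # Treat backslashes as separators so Windows-style traversal and UNC prefixes are caught on POSIX too.
    v = user_value.replace("\\", "/")
    if v.startswith("/"):                      # "/abs/file" and "//server/share/file"
        raise UnsafePath("absolute or UNC path")
    if v[1:2] == ":":                          # "C:..." drive-letter path
        raise UnsafePath("drive-letter path")
    norm = posixpath.normpath(v)               # any surviving '..' is now at the start
    if norm == ".." or norm.startswith("../"):
        raise UnsafePath("path escapes root")
    full = posixpath.join(root, norm)
    if posixpath.commonpath([root, full]) != root:   # belt and braces
        raise UnsafePath("path escapes root")
    return full

# Constructed access-log lines (METHOD PATH STATUS); not from any real deployment.
SAMPLE_LOG = [
    "GET /General/TextReader/TextReader.cfm?textFile=notes.txt 200",
    "GET /General/TextReader/TextReader.cfm?textFile=..%2F..%2Fetc%2Fhosts 200",
    "GET /General/TextReader/TextReader.cfm?textFile=%5C%5Cfileserver%5Cshare%5Cnotes.txt 200",
    "GET /index.cfm 200",
]

def flag_textfile_requests(log_lines, root=TEXT_ROOT):
    """Detection: (value, reason) for TextReader.cfm requests the validator rejects."""
    hits = []
    for line in log_lines:
        target = line.split()[1]
        if not target.startswith("/General/TextReader/TextReader.cfm"):
            continue
        for value in parse_qs(urlsplit(target).query).get("textFile", []):
            try:
                resolve_text_file(value, root)
            except UnsafePath as exc:
                hits.append((value, str(exc)))
    return hits
```

Running flag_textfile_requests(SAMPLE_LOG) returns the two traversal and UNC values with their rejection reasons, while the plain file name and the unrelated request are ignored.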

Related Identifiers: CVE-2021-36123

Affected Products: Echo Sharecare