CVE-2021-37293

Name of the Vulnerable Software and Affected Versions KevinLAB Inc Building Energy Management System 4ST BEMS version 1.0.0

Description A Directory Traversal issue exists via the page GET parameter in index.php. This allows for potential unauthorized access to sensitive files and directories.

Recommendations For version 1.0.0, as a temporary workaround, consider restricting access to the index.php file or validating and sanitizing the page parameter to prevent malicious input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.