PT-2022-10755 · Softvibe · Softvibe Saraban For Infoma

Published: 2022-01-18 · Updated: 2024-02-14 · CVE-2021-38697

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
SoftVibe SARABAN for INFOMA version 1.1

Description
The issue allows unauthenticated unrestricted file upload, enabling attackers to upload files with any file extension, which can lead to arbitrary code execution.

Recommendations
For SoftVibe SARABAN for INFOMA version 1.1, consider restricting file upload capabilities to authenticated users and validating file extensions to prevent malicious uploads until a patch is available. As a temporary workaround, restrict access to the file upload feature to minimize the risk of exploitation.

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2021-38697

Affected Products: Softvibe Saraban For Infoma