PT-2022-15893 · Amodat · Amodat

Published 2022-06-13 · Updated 2022-06-27 · CVE-2022-23167

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

No specific software or versions are mentioned in the provided descriptions.

Description

An unauthenticated attacker can craft a GET request to the /mobile/downloadfile.aspx endpoint with the Filename parameter set to ../.. /windows/boot.ini, resulting in a Local File Inclusion (LFI). This lets the attacker read sensitive files on the system without authentication.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
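With no fixed version listed, reviewing web server logs for requests that match the description is a practical interim check. The following is an added example, not part of the original advisory and not vendor code; the log layout, the sample lines (constructed) and the function names are assumptions, and it also covers encoded and backslash variants of the same pattern.

```python
import re
from urllib.parse import urlsplit, unquote_plus

ENDPOINT = "/mobile/downloadfile.aspx"  # endpoint named in the advisory
PARAM = "filename"                      # parameter named in the advisory

# Constructed sample lines in an assumed "ip method target status" layout.
SAMPLE_LOG = [
    "203.0.113.7 GET /mobile/downloadfile.aspx?Filename=report.pdf 200",
    "203.0.113.9 GET /mobile/downloadfile.aspx?Filename=../..%20/windows/boot.ini 200",
    "198.51.100.4 GET /Mobile/DownloadFile.aspx?filename=%252e%252e%255c%252e%252e%255cwindows%255cboot.ini 200",
    "198.51.100.5 GET /mobile/login.aspx?ReturnUrl=../home 302",
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(raw_value):
    """True if the decoded value points outside the download directory."""
    name = fully_decode(raw_value).replace("\\", "/").strip()
    segments = [s.strip() for s in name.split("/")]
    return (".." in segments                      # parent-directory segment
            or name.startswith("/")               # rooted path
            or re.match(r"[A-Za-z]:", name) is not None)  # drive-letter path

def suspicious_requests(log_lines):
    """Return (client_ip, raw_value, status) for flagged endpoint requests."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or fields[1] != "GET":
            continue
        client_ip, _, target, status = fields
        url = urlsplit(target)
        if url.path.lower() != ENDPOINT:  # IIS paths are case-insensitive
            continue
        for pair in url.query.split("&"):
            key, _, raw_value = pair.partition("=")
            if unquote_plus(key).lower() == PARAM and is_traversal(raw_value):
                hits.append((client_ip, raw_value, status))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 deserves priority during triage, since the file contents may have been served.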

Related Identifiers

CVE-2022-23167

Affected Products

Amodat