PT-2022-15961 · Archeevo · Archeevo

Published 2022-03-01 · Updated 2022-03-08 · CVE-2022-23377

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Archeevo versions prior to 5.0

Description

The issue allows an attacker to retrieve local files through local file inclusion. This can be achieved by setting the file parameter to ~/web.config (file=~/web.config), potentially leading to sensitive information disclosure.

Recommendations

For versions prior to 5.0, consider restricting access to the file parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the file parameter with paths that could lead to sensitive file inclusion, such as ~/web.config. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2022-23377

Affected Products

Archeevo