CVE-2022-28063

Name of the Vulnerable Software and Affected Versions Simple Bakery Shop Management System version 1.0

Description The issue concerns a file disclosure vulnerability. It can be exploited via the "/bsms/?page=products" API endpoint.

Recommendations For Simple Bakery Shop Management System version 1.0, consider restricting access to the /bsms/?page=products endpoint until a patch is available. As a temporary workaround, avoid using the page parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.