CVE-2022-34002

Name of the Vulnerable Software and Affected Versions PDS Vista version 7

Description The issue concerns a Local File Inclusion vulnerability in the document parameter of the "/application/documents/display.aspx" API endpoint. This allows a low-privileged authenticated attacker to leak configuration files and source code of the web application.

Recommendations For PDS Vista version 7, consider restricting access to the vulnerable /application/documents/display.aspx API endpoint until a patch is available. As a temporary workaround, avoid using the document parameter in the affected API endpoint to minimize the risk of exploitation.