CVE-2022-39034

Name of the Vulnerable Software and Affected Versions Smart eVision (affected versions not specified)

Description The issue is related to a path traversal vulnerability in the Report API function. This vulnerability is caused by insufficient filtering for special characters in URLs, allowing a remote attacker with general user privilege to bypass authentication and access restricted paths. The attacker can also download system files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.