PT-2022-27082 · Unknown · Rainygao Docsys

Tgao · Published 2022-12-11 · Updated 2022-12-13 · CVE-2022-4402

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RainyGao DocSys version 2.02.37

Description

A critical vulnerability has been found in the ZIP File Decompression Handler component of RainyGao DocSys. The issue allows for path traversal, specifically using '../filedir', and can be initiated remotely. The exploit has been disclosed publicly.

Recommendations

For RainyGao DocSys version 2.02.37, consider restricting access to the ZIP File Decompression Handler component until a patch is available. As a temporary workaround, avoid using the '../filedir' path traversal in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
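
The check a ZIP decompression handler needs against this class of flaw, shown as an added example (it is not DocSys code and not taken from the advisory): every entry name is resolved against the extraction directory and the archive is refused if any entry lands outside it. The function names and the sample paths are assumptions made for illustration.

```python
import io
import posixpath
import zipfile


def traversal_entries(zf, dest_dir):
    """Return entry names that would resolve outside dest_dir if extracted.

    Assumes dest_dir is an absolute POSIX-style path other than "/".
    """
    dest = posixpath.normpath(dest_dir)
    bad = []
    for info in zf.infolist():
        # Treat backslashes as separators so "..\\x" is caught on any platform.
        name = info.filename.replace("\\", "/")
        target = posixpath.normpath(posixpath.join(dest, name))
        absolute = name.startswith("/") or (len(name) > 1 and name[1] == ":")
        # Compare against dest + "/" so a sibling such as "/srv/unzip2"
        # does not pass a naive prefix test for "/srv/unzip".
        inside = target == dest or target.startswith(dest + "/")
        if absolute or not inside:
            bad.append(info.filename)
    return bad


def extract_checked(zip_bytes, dest_dir):
    """Extract only if no entry escapes dest_dir; otherwise raise ValueError."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = traversal_entries(zf, dest_dir)
        if bad:
            raise ValueError(f"refusing archive, entries escape {dest_dir}: {bad}")
        zf.extractall(dest_dir)
        return zf.namelist()


def build_sample(names):
    """Build an in-memory ZIP with the given entry names (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    return buf.getvalue()
```

Rejecting the whole archive, rather than skipping the offending entries, keeps a partially extracted upload from being processed further.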

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2022-4402

Affected Products

Rainygao Docsys