PT-2022-6164 · Advantech · R-Seenet

Rgod · Published 2022-06-06 · Updated 2022-10-28 · CVE-2022-3387

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Advantech R-SeeNet versions 2.4.19 and prior

Description

The issue is caused by improper limitation of a pathname to a restricted directory. An unauthorized attacker could remotely exploit the vulnerable PHP code to delete arbitrary files, including .PDF files, through path traversal.

Recommendations

For versions 2.4.19 and prior, consider restricting access to the vulnerable PHP code until a patch is available. As a temporary workaround, avoid using the vulnerable out.php file to minimize the risk of exploitation. Restrict access to sensitive files, such as .PDF files, to prevent unauthorized deletion.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-00262
CVE-2022-3387
ZDI-22-1449

Affected Products

R-Seenet