PT-2022-8017 · Unknown · Aerouk Imageserve

Published 2022-12-30 · Updated 2024-05-17 · CVE-2017-20152

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: aerouk imageserve (affected versions not specified)

Description: A problematic vulnerability was found in aerouk imageserve, affecting an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the filelocation argument leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high, and the exploitability is difficult. The exploit has been disclosed to the public and may be used.

Recommendations: To fix this issue, it is recommended to apply a patch. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. As a temporary workaround, consider restricting access to the public/viewer.php file until the patch is applied. Additionally, avoid using the filelocation argument in the affected component until the issue is resolved.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2017-20152

Affected Products

Aerouk Imageserve