CVE-2023-3057

Name of the Vulnerable Software and Affected Versions YFCMF versions up to 3.0.4

Description A problematic issue affects the processing of the file app/admin/controller/Ajax.php. The manipulation of the controllername argument leads to path traversal, allowing an attacker to access files using '../filedir'. The attack can be initiated remotely.

Recommendations For YFCMF versions up to 3.0.4, consider restricting access to the Ajax.php file in the app/admin/controller directory to minimize the risk of exploitation. As a temporary workaround, avoid using the controllername argument in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.