PT-2023-27218 · Unknown · Yak Engine

Villanch · Published 2023-08-14 · Updated 2024-08-21 · CVE-2023-40023

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Yak Engine versions prior to 1.2.4-sp1

Description: The Yak Engine contains a local file inclusion (LFI) vulnerability that allows an attacker to make the web application include files from the server's local file system. This can lead to unintended exposure of sensitive data, potential remote code execution, or other security breaches.

Recommendations: For versions prior to 1.2.4-sp1, upgrade to version 1.2.4-sp1, which patches the vulnerability. If upgrading is not possible, do not expose vulnerable versions to untrusted input; as a temporary workaround, restrict access to sensitive files and closely monitor the server for unexpected behavior until the upgrade can be performed.
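As an added defensive example (not Yak Engine's own code or its actual fix), the following Go helper shows the two controls that a patch and the recommended monitoring for this class of bug rely on: confining a user-supplied path to the served directory, and flagging traversal attempts in request logs. The root directory `/srv/www`, the `file` query parameter and the sample request targets are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested path would escape the served directory.
var ErrOutsideRoot = errors.New("requested path escapes the allowed root")

// SafeJoin confines a user-supplied relative path to an absolute root directory.
// Hypothetical helper, not Yak Engine's code: it rejects absolute paths and NUL
// bytes, lets Join clean "." and ".." segments, then verifies via Rel that the
// result is still inside root. Caveat: a symlink inside root can still point
// outside it; callers serving real files should EvalSymlinks and re-check.
func SafeJoin(root, requested string) (string, error) {
	if requested == "" || filepath.IsAbs(requested) || strings.ContainsRune(requested, 0) {
		return "", ErrOutsideRoot
	}
	full := filepath.Join(root, filepath.FromSlash(requested)) // Join also cleans
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

// LooksLikeTraversal is a simple log-monitoring check: it percent-decodes the
// raw request target (repeatedly, to catch double encoding) and looks for
// parent-directory segments in either separator style.
func LooksLikeTraversal(rawTarget string) bool {
	decoded := rawTarget
	for i := 0; i < 3; i++ {
		next, err := url.PathUnescape(decoded)
		if err != nil || next == decoded {
			break
		}
		decoded = next
	}
	return strings.Contains(decoded, "../") || strings.Contains(decoded, "..\\")
}

func main() {
	// Constructed root and request; the "file" parameter name is an assumption.
	p, err := SafeJoin("/srv/www", "../../etc/passwd")
	fmt.Println(p, err, LooksLikeTraversal("/static?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd"))
}
```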

Exploit · Fix · Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-40023
GHSA-XVHG-W6QC-M3QQ
GO-2023-2011

Affected Products

Yak Engine