CVE-2023-4591

Name of the Vulnerable Software and Affected Versions WPN-XM Serverstack version 0.8.6

Description A local file inclusion issue has been found, allowing an unauthenticated user to perform a local file inclusion via the "/tools/webinterface/index.php?page" parameter by sending a GET request. This could lead to the loading of a PHP file on the server, resulting in a critical webshell exploit.

Recommendations For version 0.8.6, consider disabling the index.php page in the /tools/webinterface/ directory until a patch is available. Restrict access to the page parameter in the affected API endpoint to minimize the risk of exploitation.