CVE-2023-6577

Name of the Vulnerable Software and Affected Versions Byzoro PatrolFlow 2530Pro versions up to 20231126

Description A problematic issue affects the processing of the file /log/mailsendview.php. The manipulation of the file argument with the input /boot/phpConfig/tb admin.txt leads to path traversal. The attack may be initiated remotely.

Recommendations For versions up to 20231126, as a temporary workaround, consider restricting access to the /log/mailsendview.php file until a patch is available. Avoid using the file argument with potentially malicious inputs in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.