CVE-2023-7098

Name of the Vulnerable Software and Affected Versions icret EasyImages version 2.8.3

Description A problematic vulnerability was found in icret EasyImages, affecting unknown code of the file app/hide.php. The manipulation of the key argument leads to path traversal, allowing an attacker to access files outside the intended directory, such as '../filedir'. The attack can be initiated remotely, but the complexity of the attack is rather high, making exploitation difficult. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer.

Recommendations For icret EasyImages version 2.8.3, as a temporary workaround, consider restricting access to the app/hide.php file until a patch is available. However, since this product is no longer supported by the maintainer, there is no information about a newer version that contains a fix for this vulnerability.