CVE-2023-26526

Name of the Vulnerable Software and Affected Versions Nota-Info Bookly versions through 21.7.1

Description The issue affects Nota-Info Bookly, allowing path traversal by manipulating web input to file system calls. This is due to an improper limitation of a pathname to a restricted directory.

Recommendations For versions through 21.7.1, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, avoid using user-inputted paths in file system calls until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.