CVE-2024-1114

Name of the Vulnerable Software and Affected Versions openBI versions up to 1.0.8

Description A critical issue has been found, affecting the dlfile function of the file /application/index/controller/Screen.php. The manipulation of the fileUrl argument leads to improper access controls. The attack can be initiated remotely.

Recommendations For openBI versions up to 1.0.8, consider disabling the dlfile function until a patch is available. Restrict access to the /application/index/controller/Screen.php file to minimize the risk of exploitation. Avoid using the fileUrl argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.