PT-2024-19465 · Unknown · Qiyu Ifair

Published 2024-01-30 · Updated 2024-02-05 · CVE-2024-22523

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Qiyu iFair versions 23.8 ad0 and earlier

Description

The issue allows remote attackers to obtain sensitive information via the uploadimage component. This is a Directory Traversal vulnerability, which means that attackers can access files and directories that are outside the intended directory structure.

Recommendations

For Qiyu iFair versions 23.8 ad0 and earlier, consider restricting access to the uploadimage component until a patch is available. As a temporary workaround, limit the ability of remote attackers to upload files and obtain sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-22523

Affected Products

Qiyu Ifair