PT-2024-38991 · Abcd2 · Abcd2

Published 2024-09-04 · Updated 2024-09-05 · CVE-2024-8409

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ABCD ABCD2 versions 2.2.0-beta-1 and earlier
Description: A vulnerability has been found in ABCD ABCD2, affecting an unknown part of the file /common/show image.php. Manipulation of the image argument leads to path traversal: an attacker can read files outside the intended directory by supplying a value such as '../filedir'. The issue can be exploited remotely. An exploit has been made public and may be used. The vendor was contacted about this disclosure but did not respond.
Recommendations: For versions 2.2.0-beta-1 and earlier, as a temporary workaround, consider disabling the /common/show image.php file until a patch is available, or restrict access to it to reduce the risk of exploitation. Avoid using the image argument of the affected endpoint until the issue is resolved. At the time of writing there is no information about a newer version that contains a fix for this issue.
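The restriction the Recommendations describe (the image argument must only ever name a file inside the intended directory) comes down to a resolve-and-verify check before any file is read. The handler below is an added example, not ABCD2's own code; it assumes images live under a fixed directory (IMAGE_BASE, a hypothetical name), PHP 8 for str_contains()/str_starts_with(), and that refused requests are worth logging for detection.

```php
<?php
// Added example, not ABCD2's code: a hardened image-serving handler of the kind
// the affected /common/show image.php endpoint would need.
declare(strict_types=1);

const IMAGE_BASE = __DIR__ . '/images';              // assumed storage location
const ALLOWED_EXT = [
    'png' => 'image/png', 'jpg' => 'image/jpeg',
    'jpeg' => 'image/jpeg', 'gif' => 'image/gif',
];

/**
 * Resolve a user-supplied image name to an absolute path inside IMAGE_BASE.
 * Returns null whenever the request must be refused.
 */
function resolveImagePath(string $name): ?string
{
    // Only a plain file name is acceptable: no path separators, no "..", no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $name) || str_contains($name, '..')) {
        error_log('show image: refused image=' . bin2hex($name));   // detection signal
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_EXT[$ext])) {
        return null;                                  // only known image types are served
    }
    $base = realpath(IMAGE_BASE);
    $full = realpath(IMAGE_BASE . DIRECTORY_SEPARATOR . $name);
    // realpath() collapses ".." and follows symlinks; the result must still sit
    // under the base directory, so a symlink pointing elsewhere is refused too.
    if ($base === false || $full === false || !str_starts_with($full, $base . DIRECTORY_SEPARATOR)) {
        error_log('show image: escaped base image=' . bin2hex($name));
        return null;
    }
    return is_file($full) ? $full : null;
}

$path = resolveImagePath((string)($_GET['image'] ?? ''));
if ($path === null) {
    http_response_code(404);   // same answer for traversal attempts and missing files
    exit;
}
header('Content-Type: ' . ALLOWED_EXT[strtolower(pathinfo($path, PATHINFO_EXTENSION))]);
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The prefix check on the realpath() result is the part that matters: the regex alone would miss encodings or symlinks, while the resolved-path comparison refuses anything that ends up outside the base directory regardless of how it got there.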


Weakness Enumeration

Path traversal

Related Identifiers

CVE-2024-8409

Affected Products

Abcd2