CVE-2024-8941

Name of the Vulnerable Software and Affected Versions: Scriptcase version 9.4.019

Description: A path traversal issue exists in Scriptcase, allowing unauthenticated remote users to bypass intended restrictions and list or read a parent directory. This is achieved via the "subpage" parameter in the /scriptcase/devel/compat/nm edit php edit.php file or by manipulating the "field file" POST parameter.

Recommendations: For version 9.4.019, consider disabling access to the /scriptcase/devel/compat/nm edit php edit.php file until a patch is available. Restrict the use of the subpage parameter and the field file POST parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.