PT-2025-9526 · Tikit · Tikit
Yoshik0Xf6 · Published 2025-03-03 · Updated 2025-07-11 · CVE-2023-49031
CVSS v3.1: 5.1 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Tikit (now Advanced) eMarketing platform version 6.8.3.0
Description
A Directory Traversal (Local File Inclusion) issue allows a remote attacker to read arbitrary files and obtain sensitive information. This is achieved by sending a crafted payload to the OpenLogFile endpoint, specifically targeting the filename parameter.
Recommendations
For version 6.8.3.0, as a temporary workaround, consider restricting access to the OpenLogFile endpoint until a patch is available. Avoid using the filename parameter in the affected endpoint until the issue is resolved.
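While access to the endpoint is being restricted, web server logs can be reviewed for requests that abused it. The following is an added example, not code from the vendor or from this advisory: it assumes the endpoint name appears in the request path and that filename is passed as a query parameter, and the log lines, the /app/ prefix and the client addresses are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumptions: "OpenLogFile" is the last path segment of the request and the
# file is named by a "filename" query parameter, as the advisory describes.
ENDPOINT, PARAM = "openlogfile", "filename"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; paths, file names and addresses are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Mar/2025:10:00:01 +0000] "GET /app/OpenLogFile?filename=send-2025-03-02.log HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Mar/2025:10:02:11 +0000] "GET /app/OpenLogFile?filename=..%2f..%2fplaceholder.txt HTTP/1.1" 200 812',
    '203.0.113.10 - - [03/Mar/2025:10:02:40 +0000] "GET /app/OpenLogFile?filename=%252e%252e%255cplaceholder.txt HTTP/1.1" 200 812',
    '198.51.100.7 - - [03/Mar/2025:10:03:05 +0000] "GET /app/OpenLogFile?filename=report..old.log HTTP/1.1" 200 900',
    '198.51.100.8 - - [03/Mar/2025:10:04:00 +0000] "GET /app/Other?filename=..%2fplaceholder.txt HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so multiply-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(filename):
    """True if the name can escape the log directory once fully decoded."""
    name = fully_decode(filename).replace("\\", "/")
    return (
        ".." in name.split("/")                       # parent-directory component
        or name.startswith("/")                       # absolute or UNC-style path
        or re.match(r"^[A-Za-z]:", name) is not None  # Windows drive letter
        or "\x00" in name                             # NUL truncation attempt
    )

def flag_requests(lines):
    """Return (client, filename) for suspicious requests to the endpoint."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().rstrip("/").endswith("/" + ENDPOINT):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM and is_suspicious(value):
                hits.append((line.split()[0], value))
    return hits
```

A flagged request that returned status 200 is worth following up, since the response may have contained a file from outside the log directory.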
Affected Products
Tikit