CVE-2022-50956

Name of the Vulnerable Software and Affected Versions amministrazione-aperta version 3.7.3

Description Insufficient input validation in the open parameter allows unauthenticated attackers to read arbitrary files. By supplying file paths through the open GET parameter in the 'dispatcher.php' endpoint, an attacker can include and read sensitive files accessible to the web server.

Recommendations As a temporary workaround, restrict access to the 'dispatcher.php' endpoint or avoid using the open parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.