Vendor GladysAssistant
Affected product GladysAssistant
Affected versions <= 4.26.1
Vulnerability type CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Description A path traversal was found in GladysAssistant version 4.26.1 and before. An attacker authenticated as a normal user may extract sensitive files in the host machine by exploiting a non-sanitized user input.
Status fixed in >= 4.27.0
Reporter So Sakaguchi, GMO Cybersecurity by Ierae, Inc.