Vendor GladysAssistant
Affected product GladysAssistant
Affected versions < 4.30
Vulnerability type CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Description The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.
Status fixed in >= 4.30
Reporter So Sakaguchi, GMO Cybersecurity by Ierae, Inc.