Incomplete Patch in Gladys Assistant v4.27.0 and Prior Allows Authenticated Attackers to Perform Directory Traversal and Extract Sensitive Files


CVE-2023-47440 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch for CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files from the host machine.
