CVE-2023-42226
Published: 13 January 2025
Description
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Email/SaveAttachment function.
Security Summary
Pat Infinite Solutions HelpdeskAdvanced versions up to and including 11.0.33 are affected by CVE-2023-42226, a directory traversal vulnerability (CWE-22) in the Email/SaveAttachment function. The flaw allows attackers to access files outside the intended directory by manipulating input parameters. Its CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact, network accessibility, and no authentication required.
Remote unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction needed. Successful exploitation enables reading sensitive files on the server, potentially exposing configuration data, user information, or other arbitrary files, though it does not affect integrity or availability.
Advisories reference a CVE list at https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md, but the available information gives no specific mitigation or patch details.
Details
- CWE(s)