CVE-2023-42232
Published: 13 January 2025
Description
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.
Security Summary
CVE-2023-42232 is a directory traversal vulnerability affecting Pat Infinite Solutions HelpdeskAdvanced versions up to and including 11.0.33. The flaw exists in the Navigator/Index function, allowing attackers to access files outside the intended directory structure. It has a CVSS v3.1 base score of 7.5, rated as high severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and significant confidentiality impact.
The vulnerability can be exploited remotely over the network by unauthenticated attackers, with low attack complexity. Successful exploitation enables reading arbitrary files on the server, potentially exposing sensitive information such as configuration files, user data, or system details. It does not impact integrity or availability.
Advisories reference a CVE list entry at https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md, which documents the issue. The available information provides no specific patch or mitigation details.
Details
- CWE(s)