CVE-2022-24241
ACEweb Online Portal 3.5.065 is affected by an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. Root cause is an external file path/name handling issue that could affect confidentiality (per CVSS metrics), with CVSS v3.1 base score 7.5 (HIGH) ...