Description
The web application uses Refinery CMS. This version of Refinery CMS depends on the Dragonfly gem, which has an arbitrary file read/write vulnerability. Successful exploitation of the vulnerability can result in takeover of the server.
Remediation
Upgrade to the latest version of the Dragonfly gem.