Description
Acunetix determined that Openfire's administrative endpoints could be accessed without authentication because of a path traversal vulnerability.
Remediation
Upgrade to the latest version of Openfire.
Related Vulnerabilities
PHP Improper Access Control Vulnerability (CVE-2016-5385)
MySQL CVE-2018-2784 Vulnerability (CVE-2018-2784)
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2022-48565)
MySQL Other Vulnerability (CVE-2010-3838)
MySQL Integer Overflow or Wraparound Vulnerability (CVE-2017-3599)