CVE-2023-32199: 
vulnerability analysis and mitigation

ScriptCase through version 9.9.008 contains a vulnerability that allows Arbitrary File Deletion by an administrator through directory traversal in the file parameter of the db_convert.php component. This vulnerability was discovered and disclosed on March 27, 2023, and has been assigned identifier CVE-2023-32199 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - Path Traversal). The issue affects the db_convert.php file where insufficient validation of the file parameter allows for directory traversal sequences to be used (NVD).

The vulnerability allows an authenticated administrator to delete arbitrary files on the system through directory traversal. This can lead to high impact on both integrity and availability of the system, though there is no direct impact on confidentiality (NVD).

Users should upgrade to a version newer than ScriptCase 9.9.008. The vulnerability affects all versions up to and including 9.9.008 (NVD).