What the vulnerability does
01 Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.9.0.
Explanation of Vulnerability in Simple Terms
02 Summary
Barcode Scanner with Inventory & Order Manager versions up to 1.9.0 contain a path traversal vulnerability that allows authenticated administrators to read arbitrary files from the server. An attacker with high-level privileges can bypass directory restrictions and access sensitive files outside the intended application directory. This vulnerability requires administrative access and does not affect data integrity or system availability.
What an attacker can do
03 Attacker Capabilities
Read arbitrary files from the server filesystem.
Potential impact on your site
04 Site Impact
Administrators with malicious intent or compromised admin accounts can access sensitive files like configuration files, database credentials, or private keys.
Conditions required to exploit
05 Prerequisites
Attacker must have administrator-level privileges on the application.
Key dates
06 Disclosure timeline
August 14, 2025: CVE published
April 28, 2026: Record updated