Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component.
Fixes for this issue have been backported to the 5.x, 6.x, and 7.x branches of CSLA. CSLA version 5.5.4 contains a fix. As of time of publication, 6.x and 7.x do not have numbered versions containing the fix but do have fix commits available.