An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.
https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas