The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
This Cyber News was published on www.tenable.com. Publication date: Sat, 23 Nov 2024 09:56:03 +0000