eBrigade up to and including 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ebrigade ebrigade |