CVE-2024-34829: IDOR in Eramba Community version <3220
Issue Summary
An IDOR bug was found in the /attachments/attachments/download/ API. It allows arbitrary file download because user permission control is missing.
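The missing check described above, as an added example that is not Eramba's code: a simplified download handler that trusts the attachment id from the request, beside a version that authorizes the requested object. The `Attachment`/`User` model, the access rule in `may_read`, the sample data and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

class Forbidden(Exception): ...
class NotFound(Exception): ...

@dataclass(frozen=True)
class Attachment:
    owner: str
    section: str
    private: bool
    name: str

@dataclass(frozen=True)
class User:
    name: str
    can_download: bool            # role-level download permission
    sections: frozenset = frozenset()

# Constructed sample data, keyed by the id taken from the request URL.
STORE = {
    1: Attachment("bob", "risks", False, "risk-register.xlsx"),
    2: Attachment("admin", "risks", True, "admin-notes.pdf"),
    3: Attachment("admin", "policies", False, "policy-draft.docx"),
}

def may_read(user, att):
    """Object-level rule (assumed): section access, private files only for their owner."""
    if att.section not in user.sections:
        return False
    return not att.private or att.owner == user.name

def download_vulnerable(user, attachment_id):
    # Only the role-level permission is checked; any valid id is served.
    if not user.can_download:
        raise Forbidden("download permission required")
    att = STORE.get(attachment_id)
    if att is None:
        raise NotFound(attachment_id)
    return att.name

def download_hardened(user, attachment_id):
    if not user.can_download:
        raise Forbidden("download permission required")
    att = STORE.get(attachment_id)
    # Missing and unauthorized ids get the same answer, so ids cannot be probed.
    if att is None or not may_read(user, att):
        raise NotFound(attachment_id)
    return att.name
```

Returning the same error for unknown and unauthorized ids keeps the hardened handler from confirming which attachment ids exist.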
Issue Impact
All existing files in a section, including private files belonging to the admin user, can be downloaded. Any user who has the Download Attachme