AutomatedQuizEval, an automated quiz evaluation system from the personal developer Sravani Boinepelli, suffers from a path traversal vulnerability that stems from the failure of Flaskβs send_file function to properly filter special elements in resource or file paths, which could be exploited by attackers to access arbitrary files and directories stored on the file system.