CVE-2016-10733
ProjectSend (formerly cFTP) r582 is affected by a directory traversal vulnerability that can be triggered through the file parameter (file=../) in the process-zip-download.php query string. This vulnerability is documented in CVE-2016-10733. The impact is described in the associated CVSS metrics ...