2 matches found
CVE-2019-9622
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file...
CVE-2019-9622
CVE-2019-9622 affects eBrigade (up to version 4.5) and enables Arbitrary File Download through a ../ directory traversal in the showfile.php parameter, demonstrated by accessing user-data/save/backup.sql. The root cause is unsafely handling path input in showfile.php, allowing retrieval of files ...