CVE-2022-25216
DVDFab 12 Player/PlayerFab is affected by a local file inclusion (absolute path traversal) via HTTP GET to /download/. The issue allows remote attackers to download any file on the Windows filesystem readable by the running user. Root cause: traversal of local paths in the download endpoint. Affe...