CVE-2017-17876

Biometric Shift Employee Management System 3.0 is affected. The vulnerability lets remote attackers bypass file-read restrictions via a user=download request with a pathname in the path parameter, enabling local file disclosure. This is corroborated by CNVD/NVD entries and Exploit-DB references (...