CVE-2017-12761
CVE-2017-12761 affects WebFile Explorer 1.0. The vulnerability arises from using the GET parameter in download.php (component: $file = $_GET['id']), enabling SQL Injection that leads to Arbitrary File Download (remote) via the attack vector download.php?id=WebExplorer/../config.php. Affected soft...