AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
[
{
"cpes": [
"cpe:2.3:a:inclusive-design:achecker:-:*:*:*:*:*:*:*"
],
"vendor": "inclusive-design",
"product": "achecker",
"versions": [
{
"status": "affected",
"version": "1.5"
}
],
"defaultStatus": "unknown"
}
]