Description The plugin doesn’t use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct access to the files by only guessing the timestamp of the backup.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 2.0.9.9 |