
Abhikafle123

#33157 of 53,638
7.8 CVSS total
Vulnerabilities · 1
PT-2018-11466
7.8
2018-06-27
Webgrind · Webgrind · CVE-2018-12909
**Name of the Vulnerable Software and Affected Versions**

Webgrind version 1.5

**Description**

The issue allows anyone to view files from the local filesystem that the webserver user has access to. This is achieved by manipulating the `file` parameter in the `/index.php` API endpoint, specifically through the `op=fileviewer&file=` URI. It is noted that the vendor does not intend the product for use in a publicly accessible environment.

**Recommendations**

For Webgrind version 1.5, as a temporary workaround, consider restricting access to the `fileviewer` operation in the `index.php` endpoint to minimize the risk of exploitation. Avoid using the `file` parameter in the affected API endpoint until the issue is resolved.