Black-Id

#48802 of 53,635
5 CVSS total
Vulnerabilities · 1
PT-2013-1986
5.0
2013-01-31
Wcms · Wcms · CVE-2012-6522
**Name of the Vulnerable Software and Affected Versions**
w-CMS version 2.01

**Description**
A directory traversal issue exists in the `getContent` function in `codes/wcms.php`, allowing remote attackers to read arbitrary files. This is achieved by including a `..` (dot dot) in the `p` parameter.

**Recommendations**
For w-CMS version 2.01, consider restricting access to the vulnerable `getContent` function until a patch is available. As a temporary workaround, avoid using the `p` parameter in the affected API endpoint until the issue is resolved.