Joomla · Picsell · CVE-2010-3203
**Name of the Vulnerable Software and Affected Versions**
Joomla! component PicSell (`com_picsell`) version 1.0
**Description**
A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by including a `..` (dot dot) in the `dflink` parameter within a `prevsell dwnfree` action to `index.php`.
**Recommendations**
For version 1.0 of the PicSell (`com_picsell`) component, avoid using the `dflink` parameter in the affected API endpoint until the issue is resolved. Consider temporarily restricting access to the `index.php` endpoint with a `prevsell dwnfree` action to minimize the risk of exploitation.
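
A log check to support the restriction above, as an added example that is not part of the original advisory: it flags requests to `index.php` whose `dflink` value contains a `..` path segment after repeated percent-decoding. The log lines are constructed, the file names are placeholders, the function names are hypothetical, and the `option=com_picsell` query form is assumed from Joomla's usual component routing.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not real traffic); file names are placeholders.
# The option=com_picsell form is an assumption based on Joomla's routing convention.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2010:10:00:00 +0000] "GET /index.php?option=com_picsell&dflink=photo_123.jpg HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Sep/2010:10:00:05 +0000] "GET /index.php?option=com_picsell&dflink=..%2F..%2Fplaceholder.txt HTTP/1.1" 200 812',
    '198.51.100.8 - - [01/Sep/2010:10:00:09 +0000] "GET /index.php?option=com_picsell&dflink=%252e%252e%252fplaceholder.txt HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Sep/2010:10:01:00 +0000] "GET /index.php?option=com_picsell&dflink=my..photo.jpg HTTP/1.1" 200 4096',
    '198.51.100.9 - - [01/Sep/2010:10:01:30 +0000] "GET /index.php?option=com_picsell&dflink=..%5Cplaceholder.txt HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding so that %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dotdot_segment(value):
    """True only when '..' is a whole path segment, so 'my..photo.jpg' passes."""
    return '..' in re.split(r'[/\\]', fully_decode(value))

def suspicious_dflink(line):
    """Return the decoded dflink value if the request traverses, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith('index.php'):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == 'dflink' and has_dotdot_segment(value):
            return fully_decode(value)
    return None

def scan(lines):
    """Return (line number, decoded dflink) for every flagged request."""
    hits = [(n, suspicious_dflink(line)) for n, line in enumerate(lines, 1)]
    return [(n, value) for n, value in hits if value is not None]

if __name__ == '__main__':
    for number, value in scan(SAMPLE_LOG):
        print(f'line {number}: dflink={value!r}')
```

The same segment test can back a temporary web-server or WAF rule that rejects such requests while the component remains installed.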