Kenny Chen

**Name of the Vulnerable Software and Affected Versions** Webmin versions prior to 1.290 Usermin versions prior to 1.220 **Description** The issue allows remote attackers to read arbitrary files by bypassing the removal of "../" sequences before certain bytes, such as "%01", are removed from the filename. This can be achieved using "..%01" sequences. **Recommendations** For Webmin versions prior to 1.290, update to version 1.290 or later to resolve the issue. For Usermin versions prior to 1.220, update to version 1.220 or later to resolve the issue.