Thejt

**Name of the Vulnerable Software and Affected Versions** IntegraMOD versions 1.4.x **Description** The issue allows remote attackers to download a backup via a direct request to a `backup/backup-yyyy-dd-mm.sql` filename, due to insufficient access control of sensitive information stored under the web root. **Recommendations** For versions 1.4.x, consider restricting access to the backup files by implementing proper access controls to prevent unauthorized downloads. As a temporary workaround, restrict access to the `backup` directory to minimize the risk of exploitation.