V0L4Arrra

**Name of the Vulnerable Software and Affected Versions** Jshop Server versions 1.x through 2.x **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `xPage` parameter of the /v2demo/page.php endpoint. **Recommendations** For Jshop Server versions 1.x through 2.x, as a temporary workaround, consider restricting access to the `xPage` parameter in the /v2demo/page.php endpoint until a patch is available.