CVE-2018-11248

Name of the Vulnerable Software and Affected Versions FileDownloader version 1.7.3

Description The issue concerns a directory traversal problem. An attacker can exploit this by placing "../" in a file name, allowing the file to be stored in an unintended directory. This occurs because the util/FileDownloadUtils.java in FileDownloader does not properly check an attachment's name.

Recommendations For FileDownloader version 1.7.3, consider implementing proper validation and sanitization of file names to prevent directory traversal attacks. As a temporary workaround, restrict the ability to upload files with "../" in their names to minimize the risk of exploitation.