CVE-2018-11413

Name of the Vulnerable Software and Affected Versions BearAdmin version 0.5

Description An issue allows remote attackers to download arbitrary files via directory traversal sequences in the /admin/databack/download.html endpoint, potentially exposing sensitive information such as MySQL credentials in the configuration file.

Recommendations For BearAdmin version 0.5, restrict access to the /admin/databack/download.html endpoint to minimize the risk of exploitation. Consider implementing input validation and sanitization for the name parameter to prevent directory traversal attacks.