PT-2019-19759 · Ebrigade · Ebrigade
Akkus · Published 2019-03-07 · Updated 2019-03-08 · CVE-2019-9622
CVSS v3.1 4.3 Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
eBrigade versions prior to 4.5
Description
The issue allows arbitrary file download via directory traversal in the showfile.php file parameter. An attacker supplies '../' sequences in that parameter so that the resolved path leaves the directory showfile.php is intended to serve from, as demonstrated by reading the user-data/save/backup.sql file.
Recommendations
For versions prior to 4.5, restrict access to showfile.php until a patch is available, for example by limiting it to trusted users or addresses at the web server. Note that the '../' sequences are supplied by the attacker, so the mitigation has to be enforced by the application or web server, not by asking users to avoid them: if showfile.php is modified locally, the file parameter should be canonicalized server-side and any request that does not resolve to a regular file inside the intended download directory rejected.
Exploit
Fix
Path traversal
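The following is an added example and not eBrigade's own code (which is PHP); it illustrates the flaw class and the containment check the recommendation above calls for. The directory layout, file names and file contents are constructed here to mirror the paths in the advisory, and the function names are hypothetical. `vulnerable_showfile` joins the request parameter onto the base directory with no canonicalization, so `../../user-data/save/backup.sql` is served; `hardened_showfile` decodes the parameter once, resolves the real path, and refuses anything that does not land inside the download directory. The same check translates directly to PHP's `realpath()` followed by a prefix comparison against the canonical base directory.

```python
import os
import shutil
import tempfile
from urllib.parse import unquote


class FileAccessDenied(Exception):
    """Raised when the requested path does not resolve inside the download directory."""


def build_tree() -> str:
    """Create a constructed directory layout (not eBrigade's real tree) that mirrors
    the advisory: a directory showfile.php is meant to serve from, and a database
    dump two levels up at user-data/save/backup.sql."""
    root = tempfile.mkdtemp(prefix="ebrigade-demo-")
    files_dir = os.path.join(root, "public", "files")
    os.makedirs(files_dir)
    os.makedirs(os.path.join(root, "user-data", "save"))
    with open(os.path.join(files_dir, "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample document\n")
    with open(os.path.join(root, "user-data", "save", "backup.sql"), "wb") as fh:
        fh.write(b"-- constructed sample dump\nINSERT INTO users VALUES ('admin', 'hash');\n")
    return root


def vulnerable_showfile(files_dir: str, file_param: str) -> bytes:
    """The flaw class in the advisory: the request parameter is joined onto the base
    directory and opened with no canonicalization or containment check."""
    with open(os.path.join(files_dir, file_param), "rb") as fh:
        return fh.read()


def hardened_showfile(files_dir: str, file_param: str) -> bytes:
    """Serve file_param only if it resolves to a regular file inside files_dir."""
    base = os.path.realpath(files_dir)
    name = unquote(file_param)  # decode exactly once, then validate the decoded value
    if "\0" in name or os.path.isabs(name) or name.startswith(("/", "\\")):
        raise FileAccessDenied(file_param)
    # realpath resolves '..' segments and symlinks, so the containment check below
    # is made on the path the OS would actually open
    target = os.path.realpath(os.path.join(base, name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise FileAccessDenied(file_param)
    if not os.path.isfile(target):
        raise FileNotFoundError(file_param)
    with open(target, "rb") as fh:
        return fh.read()


def is_denied(files_dir: str, probe: str) -> bool:
    """True when the hardened handler rejects the probe as a containment violation."""
    try:
        hardened_showfile(files_dir, probe)
    except FileAccessDenied:
        return True
    return False


def demo() -> dict:
    """Run both handlers against the constructed tree and return what each allowed."""
    root = build_tree()
    files_dir = os.path.join(root, "public", "files")
    traversal = "../../user-data/save/backup.sql"
    try:
        results = {
            "vulnerable_serves_report": vulnerable_showfile(files_dir, "report.pdf").startswith(b"%PDF"),
            "vulnerable_serves_backup": b"INSERT INTO users" in vulnerable_showfile(files_dir, traversal),
            "hardened_serves_report": hardened_showfile(files_dir, "report.pdf").startswith(b"%PDF"),
            "hardened_blocks_traversal": is_denied(files_dir, traversal),
            "hardened_blocks_encoded_traversal": is_denied(files_dir, "..%2F..%2Fuser-data%2Fsave%2Fbackup.sql"),
            "hardened_blocks_absolute_path": is_denied(files_dir, "/etc/passwd"),
            "hardened_blocks_null_byte": is_denied(files_dir, "report.pdf%00.txt"),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The containment test compares the resolved target against the resolved base with `os.path.commonpath` rather than a plain string prefix, so a sibling directory such as `files2` is not mistaken for a child of `files`; the absolute-path and null-byte rejections cover the other two common ways a caller escapes a naive join.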
Weakness Enumeration
Related Identifiers
Affected Products
Ebrigade