Amriljafni

**Name of the Vulnerable Software and Affected Versions** Spring Signage Xibo versions 1.2.x through 1.2.2 Spring Signage Xibo versions 1.4.x through 1.4.1 **Description** The issue allows remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `p` parameter to the "index.php" endpoint. **Recommendations** For Spring Signage Xibo versions 1.2.x through 1.2.2, update to version 1.2.3 or later. For Spring Signage Xibo versions 1.4.x through 1.4.1, update to version 1.4.2 or later.