Unknown · Qbit Manage · CVE-2025-55295
Name of the Vulnerable Software and Affected Versions:
qBit Manage versions prior to 4.5.4
Description:
A path traversal vulnerability exists in qBit Manage's web API that allows authenticated users to read arbitrary files from the server filesystem. The vulnerability is located in the `restore config from backup` API endpoint. Attackers can bypass directory restrictions and read arbitrary files by manipulating the `backup id` parameter with path traversal sequences (e.g., `../`).
Recommendations:
Update to version 4.5.4 or later.
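For developers reviewing similar endpoints, the following added example (not qBit Manage's code and not its actual patch) contrasts an unchecked join of a backup id with a containment check. The function names, the id naming rule and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed naming rule: a backup id is a bare file name with no path separators.
BACKUP_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

def resolve_backup_unsafe(backup_dir: Path, backup_id: str) -> Path:
    """'Before' pattern: the id is joined to the directory with no checks."""
    return Path(backup_dir, backup_id)

def resolve_backup_safe(backup_dir: Path, backup_id: str) -> Path:
    """Return the backup file path; raise if the id leaves backup_dir."""
    if not BACKUP_ID_RE.fullmatch(backup_id):
        raise ValueError("backup id has an invalid format")
    base = backup_dir.resolve()
    # resolve() collapses ".." and follows symlinks before the comparison.
    candidate = (base / backup_id).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise ValueError("backup id escapes the backup directory")
    if not candidate.is_file():
        raise FileNotFoundError(backup_id)
    return candidate

def check(backup_dir: Path, backup_id: str) -> str:
    try:
        resolve_backup_safe(backup_dir, backup_id)
        return "allowed"
    except (ValueError, FileNotFoundError):
        return "rejected"

def demo() -> dict:
    """Build a constructed directory tree and classify sample ids."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        backups = root / "backups"
        backups.mkdir()
        (backups / "config_1.yml").write_text("qbt: {}\n")
        (root / "secret.txt").write_text("outside\n")
        # A symlink inside the backup directory that points outside it.
        (backups / "link.yml").symlink_to(root / "secret.txt")
        ids = ["config_1.yml", "../secret.txt", "/etc/passwd", "link.yml"]
        results = {i: check(backups, i) for i in ids}
        leaked = resolve_backup_unsafe(backups, "../secret.txt").read_text()
        results["unsafe_reads_outside"] = (leaked == "outside\n")
        return results

if __name__ == "__main__":
    print(demo())
```

Resolving the path before the containment test is what catches the symlink case, which a string check for `../` alone would miss.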