Chapochapo

**Name of the Vulnerable Software and Affected Versions** SunFounder Pironman Dashboard (pm dashboard) versions prior to 1.3.13 **Description** The SunFounder Pironman Dashboard (pm dashboard) contains a path traversal flaw in the log file API endpoints. An unauthenticated remote attacker can manipulate the `filename` parameter with traversal sequences to read and delete arbitrary files. Successful exploitation could lead to the disclosure of sensitive information and the deletion of critical system files, potentially resulting in data loss, system compromise, or denial of service. The API endpoints involved are susceptible to this issue. **Recommendations** Versions prior to 1.3.13 should be updated.