Simplifile · Simplifile Recordfusion · CVE-2019-19264
**Name of the Vulnerable Software and Affected Versions**
Simplifile RecordFusion versions prior to 2019-11-25
**Description**
The issue allows remote attackers to access local files. This is achieved through the `logs` and `hist` parameters in the logger/logs or logger/hist URI, such as "logger/logs?/../" or "logger/hist?/../".
**Recommendations**
For versions prior to 2019-11-25, as a temporary workaround, consider restricting access to the logger/logs and logger/hist API endpoints until a patch is available. Avoid using the `logs` and `hist` parameters in these endpoints to minimize the risk of exploitation.