Nicolas Schickert

**Name of the Vulnerable Software and Affected Versions** ChronoForms version 7.0.7 **Description** The issue allows for Directory Traversal, enabling the reading of arbitrary files via the `fname` parameter. This can potentially lead to unauthorized access to sensitive information. **Recommendations** For ChronoForms version 7.0.7, consider restricting access to the `fname` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChronoForums version 2.0.11 **Description** The issue allows for Directory Traversal, enabling the reading of arbitrary files. **Recommendations** For ChronoForums version 2.0.11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.