Bludit · Bludit · CVE-2020-15026
**Name of the Vulnerable Software and Affected Versions**
Bludit version 3.12.0
**Description**
The issue allows admins to download arbitrary files through directory traversal in the "backup/plugin.php" file. The traversal sequence is passed in the file parameter of the "/plugin-backup-download?file=../" endpoint.
**Recommendations**
For Bludit version 3.12.0, consider restricting access to the backup/plugin.php file and the /plugin-backup-download endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the file parameter in the /plugin-backup-download endpoint until the issue is resolved.
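
Web server access logs can be reviewed for traversal sequences in the file parameter of this endpoint. The script below is an added example, not Bludit code. The combined log format, the /admin/ URL prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/plugin-backup-download"   # endpoint named in the advisory
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    segments = re.split(r"[/\\]+", fully_decode(value))
    return ".." in segments

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_file_value) for traversal attempts on the endpoint."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not an access-log request line
        url = urlsplit(m.group("target"))
        if not unquote(url.path).rstrip("/").endswith(ENDPOINT):
            continue
        # parse_qs already decodes once; fully_decode handles further layers
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if has_traversal(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

# Constructed sample lines (combined log format), not taken from a real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jul/2020:10:00:01 +0000] "GET /admin/plugin-backup-download?file=backup-2020.zip HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2020:10:00:09 +0000] "GET /admin/plugin-backup-download?file=../../EXAMPLE.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jul/2020:10:02:30 +0000] "GET /admin/plugin-backup-download?file=%252e%252e%252fEXAMPLE.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jul/2020:10:03:00 +0000] "GET /admin/content?file=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested {value!r}")
```

Because the issue is reachable by admins, a hit should be correlated with the admin session that issued it rather than treated as anonymous scanning.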