Unknown · Web File Browser · CVE-2011-4831
**Name of the Vulnerable Software and Affected Versions**
Web File Browser version 0.4b14
**Description**
The issue is a directory traversal that allows remote authenticated users to read arbitrary files. It is triggered by a `..%2f` sequence (encoded dot dot) in the `file` parameter of a download action. The `download` action is part of the `webFileBrowser.php` file.
**Recommendations**
For Web File Browser version 0.4b14, consider restricting access to the `webFileBrowser.php` file until a patch is available. As a temporary workaround, avoid using the `file` parameter in the download action to minimize the risk of exploitation.