CVE-2019-18951

Name of the Vulnerable Software and Affected Versions SibSoft Xfilesharing versions prior to 2.5.2

Description The issue allows directory traversal, enabling the reading of arbitrary files. This is achieved through the op and tmpl parameters in a specific API endpoint, "/page" with tmpl=../, allowing access to files outside the intended directory.

Recommendations For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the /page endpoint with tmpl parameter to minimize the risk of exploitation.