Name of the Vulnerable Software and Affected Versions Акцент (affected versions not specified)

Description The issue exists due to insufficient checking of the filename POST parameter in the /handlers/download.php script. This allows a remote attacker to read the contents of arbitrary files on the server by using a specially crafted filename parameter value.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.