CVE-2020-12764

Name of the Vulnerable Software and Affected Versions Gnuteca version 3.8

Description The issue allows Directory Traversal via the "file.php?folder=/&file=" endpoint. This could potentially allow access to sensitive files on the system.

Recommendations For Gnuteca version 3.8, as a temporary workaround, consider restricting access to the "file.php" endpoint until a patch is available. Avoid using the folder and file parameters in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.