CVE-2015-10018

Name of the Vulnerable Software and Affected Versions DBRisinajumi d2files versions prior to 1.0.0

Description A critical vulnerability has been found in DBRisinajumi d2files, affecting the actionUpload/actionDownloadFile function of the file controllers/D2filesController.php. This vulnerability leads to sql injection.

Recommendations For versions prior to 1.0.0, upgrade to version 1.0.0 to address this issue. As a temporary workaround, consider restricting access to the actionUpload/actionDownloadFile function in the controllers/D2filesController.php file until the upgrade is applied.