CVE-2018-19512

In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt