CVE-2019-9622

eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt