CVE-2019-9886

Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt