CVE-2020-10387

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt