Arbitrary File Download Vulnerability in eBrigade 4.5 via Directory Traversal

Arbitrary File Download Vulnerability in eBrigade 4.5 via Directory Traversal

CVE-2019-9622 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.