JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
{ "github_reviewed": true, "nvd_published_at": "2023-12-10T18:15:07Z", "severity": "HIGH", "cwe_ids": [ "CWE-22" ], "github_reviewed_at": "2023-12-13T19:30:49Z" }