2018-10-28 03:00:00
mitre
PUBLISHED
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.