2019-08-23 14:42:05
mitre
PUBLISHED
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.