eFront 'download' Parameter Directory Traversal Vulnerability

eFront 'download' Parameter Directory Traversal Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/student.php?ctg=personal&user=trainee&op=files&download=[file]