A vulnerability has been identified in XPWeb that attackers could exploit to gain unauthorized access to arbitrary files on a vulnerable system. The issue is caused by an input validation error in the "Download.php" script, which does not validate the "url" parameter before passing it as an argument to an "fread()" call; this could be exploited to display the contents of arbitrary files via directory traversal attacks.
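One way to validate a download parameter of this kind before any file is read, as an added PHP example that is not XPWeb's own code. The function name `resolve_download`, the directory layout and the sample files are assumptions constructed for illustration.

```php
<?php
// Added illustration, NOT XPWeb's Download.php. All names and paths are hypothetical.
// The advisory describes the "url" value reaching the file-read call unvalidated,
// so relative path components can point outside the intended download directory.

/** Resolve a requested name to a regular file inside $baseDir, or return null. */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the target is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator stops a
    // sibling such as "files-old" from matching the base "files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample layout: one downloadable file, one file outside the download root.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/report.txt', "public\n");
file_put_contents($root . '/secret.txt', "private\n");

// Constructed request values: a normal name, a traversal attempt, a missing file.
foreach (['report.txt', '../secret.txt', 'missing.txt'] as $url) {
    $path = resolve_download($root . '/files', $url);
    printf("%-16s => %s\n", $url, $path === null ? 'rejected' : 'served ' . basename($path));
}

// Remove the constructed sample files.
unlink($root . '/files/report.txt');
unlink($root . '/secret.txt');
rmdir($root . '/files');
rmdir($root);
```

Only the first request is served. The check runs on the canonical path returned by `realpath()`, so encoded or nested relative components are judged by where they actually resolve.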
Vulnerable Products
Vulnerable Software: XPWeb version 3.3.2 and prior