Vulnerability
Index.js in Total.js Platform before 3.2.3 allows path traversal.Users can send requests like “GET /../databases/settings.json HTTP/1.1” that include file content from locations other than the /public directory, which is the default location for publicly available static files.
Mitigation / Precaution
We suggest that you update Totaljs in order to fix this vulnerability.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
