Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation12 reference(s) from NVD