RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.
{ "source": "CPE_STRING", "cpe": "cpe:2.3:a:nopcommerce:nopcommerce:4.20:-:*:*:*:*:*:*", "extracted_events": [ { "introduced": "4.20-NA" }, { "last_affected": "4.20-NA" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19683.json"