An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js
allows an attacker to reach a parent directory via a crafted name or ID field.
{ "github_reviewed_at": "2023-07-13T17:08:04Z", "cwe_ids": [ "CWE-22" ], "nvd_published_at": "2020-01-06T18:15:00Z", "severity": "HIGH", "github_reviewed": true }