CVE-2005-10002 – almosteffortless secure-files Plugin secure-files.php sf_downloads path traversal

https://notcve.org/view.php?id=CVE-2005-10002

03 Oct 2005 — A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. • https://github.com/wp-plugins/secure-files/commit/cab025e5fc2bcdad8032d833ebc38e6bd2a13c92 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •