Arbitrary File Download Vulnerability in Jeecg v3.8
CVE-2020-20948
7.5 HIGH
What is CVE-2020-20948?
Jeecg v3.8 contains an arbitrary file download vulnerability in its handling of the 'localPath' variable. By manipulating this value, an attacker can download files from the server that should be restricted, gaining unauthorized access to sensitive files. This poses a serious risk to data integrity and confidentiality and could lead to further exploitation or data leakage.
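A common mitigation for this class of bug is to resolve the user-supplied value against a fixed download directory and refuse anything that ends up outside it. The sketch below is an added example, not Jeecg's code or its fix: the class name `SafeDownloadResolver`, the base directory and the sample inputs are hypothetical, and it assumes `localPath` is meant to name a file under a single download directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper: maps a request's localPath value to a file that is
// guaranteed to live under one fixed download directory.
public final class SafeDownloadResolver {
    private final Path baseDir;

    public SafeDownloadResolver(Path baseDir) throws IOException {
        // Canonicalise once so later comparisons use the real directory.
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the file to serve, or throws if localPath is unacceptable. */
    public Path resolve(String localPath) throws IOException {
        if (localPath == null || localPath.isEmpty() || localPath.indexOf('\0') >= 0) {
            throw new SecurityException("invalid localPath");
        }
        Path requested = Paths.get(localPath);
        if (requested.isAbsolute()) {
            throw new SecurityException("absolute paths are not allowed");
        }
        // toRealPath() collapses ".." and follows symlinks; it throws an
        // IOException if the target does not exist.
        Path real = baseDir.resolve(requested).toRealPath();
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("localPath escapes the download directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary directory with one file.
        Path base = Files.createTempDirectory("downloads");
        Files.write(base.resolve("report.txt"), "ok".getBytes());
        SafeDownloadResolver resolver = new SafeDownloadResolver(base);
        String[] samples = {"report.txt", "../../etc/passwd", "/etc/passwd"};
        for (String s : samples) {
            try {
                System.out.println("ALLOW " + s + " -> " + resolver.resolve(s));
            } catch (SecurityException | IOException e) {
                System.out.println("DENY  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The containment check is done on the canonical path, after symlinks and `..` segments are resolved, so a link inside the download directory that points elsewhere is also rejected.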