Description
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Remediation
References
Related Vulnerabilities
Django Insufficiently Protected Credentials Vulnerability (CVE-2018-16984)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (6.2.01)
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028)
WordPress Plugin Evarisk 'uploadPhotoApres.php' Arbitrary File Upload (5.1.5.4)