GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. local file inclusion because os.path.join is incorrectly used.
id: CVE-2020-35736
info:
name: GateOne 1.1 - Local File Inclusion
author: pikpikcu
severity:
...