Description
The web application uses Total.js framework. Total.js before 3.2.4 has a directroy traversal vulnerability. An attacker can craft a request that accesses potentially sensitive information on the server, that may lead to takeover of the server.
Remediation
Upgrade to the latest version of Total.js
References
Related Vulnerabilities
WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)
Rails Asset Pipeline Directory Traversal Vulnerability
WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)
WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)