id	summary	reporter	owner	description	type	status	priority	component	severity	resolution	keywords	cc	release
8725	[Patch] Minor path traversal vulnerability	tinus	Blackhex	If the 'file' field in the 'download' table can be manipulated, the DownloadsPlugin allows a user to download any file that can be accessed by the Trac user.\r\n\r\nAttached is a patch that uses the basename function prior to concatenating the path to foil this attack.	defect	new	normal	DownloadsPlugin	normal			rjollos	0.11
