[Original text] Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
Astaro Security Linux Proxy contains a flaw that allows a remote attacker to access files on the filesystem outside of the web path. The issue is due to "index.fpl" not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the "wfe_download" variable.
Upgrade to version 220.127.116.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
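Since no workaround exists, reviewing web access logs for past use of the traversal described above is a useful check alongside the upgrade. The following is an added example, not code from this advisory or from Astaro: it assumes an access log in common log format where `wfe_download` appears in the request's query string, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2006:10:00:00 +0000] "GET /index.fpl?wfe_download=report.log HTTP/1.1" 200 512',
    '192.0.2.11 - user1 [01/Jan/2006:10:01:00 +0000] "GET /index.fpl?wfe_download=../../etc/hostname HTTP/1.1" 200 64',
    '192.0.2.12 - user2 [01/Jan/2006:10:02:00 +0000] "GET /index.fpl?id=7&wfe_download=%2e%2e%2fconf HTTP/1.1" 200 90',
    '192.0.2.13 - user3 [01/Jan/2006:10:03:00 +0000] "GET /index.fpl?wfe_download=%252e%252e%252fconf HTTP/1.1" 200 90',
    '192.0.2.14 - user4 [01/Jan/2006:10:04:00 +0000] "GET /other.cgi?file=../x HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    segments = re.split(r'[\\/]', fully_decode(value))
    return '..' in segments


def suspicious_requests(lines):
    """Return (line_number, raw_value) for index.fpl requests whose
    wfe_download parameter contains a dot-dot path segment."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith('/index.fpl'):
            continue
        # Split the query without decoding so the raw value is reported.
        for pair in url.query.split('&'):
            name, _, raw = pair.partition('=')
            if name == 'wfe_download' and is_traversal(raw):
                hits.append((number, raw))
    return hits


if __name__ == '__main__':
    for number, raw in suspicious_requests(SAMPLE_LOG):
        print(f'line {number}: wfe_download={raw}')
```

Requests that carry the parameter in a POST body will not appear in a standard access log, so an empty result does not rule out earlier abuse.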