Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected