Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-425,
Products Affected