CVE-2018-20635 (advance_b2b_script)

PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
Source: NIST