CVE-2019-12277

Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname.
Source: NIST
CVE-2019-12277