CVE-2019-9886

Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.
Source: NIST
CVE-2019-9886