CVE-2018-16473
In short
The takeapeek module up to version 0.2.2 has a flaw that lets attackers browse and list files and folders on the server that they shouldn't have access to. This happens because the module doesn't properly check file paths before accessing them.
Technical detail
A path traversal vulnerability (CWE-22) in takeapeek <=0.2.2 permits unauthenticated directory and file enumeration through improper input validation on file path parameters. An attacker can exploit this by crafting requests with directory traversal sequences (e.g., ../) to access files outside the intended directory scope, potentially exposing sensitive information.
Summary generated and translated by AI from the official description.
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.
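A containment check of the kind whose absence the description above points to, as an added example. It is not takeapeek's code; `ROOT`, `resolveInsideRoot`, `auditSamples` and the sample requests are constructed for illustration. The check decodes the request path once, walks its segments, and rejects any request that would climb above the served directory.

```javascript
// Added example, not code from the takeapeek module.
// ROOT is an assumed served directory; the requests below are constructed samples.
const ROOT = '/srv/public';

// Map an untrusted URL path to a path under `root`, or return null to reject it.
function resolveInsideRoot(root, urlPath) {
  let decoded;
  try {
    // Decode exactly once so %2e%2e%2f is validated as ../ and nothing
    // downstream needs to decode again.
    decoded = decodeURIComponent(urlPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  // A NUL byte can truncate the path in lower layers; reject it outright.
  if (decoded.includes('\0')) return null;

  // Treat backslashes as separators so ..\ cannot slip past the segment walk.
  const segments = decoded.replace(/\\/g, '/').split('/');
  const kept = [];
  for (const seg of segments) {
    if (seg === '' || seg === '.') continue; // empty and current-dir segments
    if (seg === '..') {
      if (kept.length === 0) return null;    // would climb above root
      kept.pop();
      continue;
    }
    kept.push(seg);
  }
  const base = root.replace(/\/+$/, '');
  return kept.length ? base + '/' + kept.join('/') : (base || '/');
}

// Run the check over constructed requests and return [request, result] pairs.
function auditSamples() {
  const requests = [
    '/docs/readme.txt',          // ordinary file
    '/docs/../img/a.png',        // stays inside root after normalisation
    '/../../etc/passwd',         // plain traversal
    '/%2e%2e/%2e%2e/etc/passwd', // percent-encoded traversal
    '/docs/..%2f..%2fetc',       // encoded separators
    '/..\\..\\secret',           // backslash separators
  ];
  return requests.map((r) => [r, resolveInsideRoot(ROOT, r)]);
}

console.log(auditSamples());
```

The check is lexical only: a symlink inside the served directory can still point outside it, so a server that follows symlinks should also compare the result of `fs.realpath` against the real path of the root.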
Affected products
npm · takeapeek
References
https://hackerone.com/reports/403736