Admidio get_file.php Remote File Disclosure Vulnerability

Summary
This host is running Admidio and is prone to Directory Traversal Vulnerability.
Impact
Successful exploitation could allow attacker to view local files in the context of the webserver process. Impact Level: Application
Solution
Upgrade to Version 1.4.9 or later http://www.admidio.org/index.php?page=download
Insight
The flaw is due to file parameter in modules/download/get_file.php which is not properly sanitized before returning to the user.
Affected
Admidio Version 1.4.8 and prior.
References