Description
Unauthenticated users can download arbitrary files from the web server due to a vulnerability in vendor/player/flv/flv_stream.php.
Remediation
Upgrade Tiki Wiki CMS to version 12.8, 14.3, 15.1 or above (recommended)
References
Related Vulnerabilities
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)
WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)
WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)