[SECURITY] Directory Traversal Vulnerability Found

[Sp1d3rL1]

We have recently discovered an Directory Traversal Vulnerability in several files in PHPVibe that cause Code Execution, and it is definitely something that should concern you. I'll report it to the PHPVibe community as soon as possible and also hope to get in touch with you soon so we can move forward with fixing the issue.
If it is convenient, You can reach me at himagetsu@gmail.com to get in touch and hopefully get your attention as soon as possible so that I can report the vulnerability details to you.
Finally, if you don't mind, I would like to report it to CVE as well, so I hope you know and understand.

[PHPVibe]

Hi! I've received an email but my replies bounced. I've added a check to insecure files function.

[Sp1d3rL1]

Sorry, I may have a problem with my Google mail settings. I saw your changes, but the exploit I mentioned can still bypass this restriction, so please send me an email to this email address mnss2021@163.com.
Attached is a link to the exploit proof: https://github.com/751897386/PHPVibe_vulnerability_Directory-Traversal

[PHPVibe]

Got it now, thanks! I've added a rudimentary, but useful, cleaning function for the tokens.

https://github.com/PHPVibe/PHPVibe/commits/master/

It should wipe everything tricky and no longer allow access to file paths.