Vendor
changedetection.io is vulnerable to arbitrary local file read due to insufficient validation of snapshot paths restored from backup files, allowing attackers to read sensitive files by crafting a malicious backup archive containing a manipulated `history.txt` file.