Research
Unauthenticated LFI in Appwrite 0.5.0 <= 0.12.1
While exploring cyber space I stumbled upon a project called Appwrite. Looked interesting, started browsing the code. Eventually, I discovered an undisclosed vulnerability in one of the endpoints allowing an attacker to read local files on the system. The endpoint /.well-known/acme-challenge is vulnerable against local file inclusion which allows