A vulnerability classified as critical was found in Fabrikar com_fabrik 3.9.11 . This affects the function onAjax_files . The manipulation of the argument folder results in path traversal. This vulnerability is reported as CVE-2020-37219 . The attack can be launched remotely. Moreover, an exploit is present.