This is a security advisory detailing a local file inclusion vulnerability in Collaborative Passwords Manager (cPassMan) v1.82. The vulnerability allows unauthenticated remote attackers to read arbitrary files on the server via the 'path' parameter in 'sources/downloadfile.php'.