InterWorx contains a flaw as the Import and Restore features creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against a specially crafted archive restoration to gain access to arbitrary files.
Local Access Required
Loss of Confidentiality
It has been reported that this issue has been fixed. Upgrade to version 4.11.6 #475, 5.0.5 #516, or higher, to address this vulnerability.