CVE-2016-10734

CVE-2016-10734

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.