CarceresBE is an SKS parking management system backend open sourced by Delor4. CarceresBE 1.0 and earlier versions have a path traversal vulnerability that stems from a failure of Flaskβs send_file function to properly filter special elements in a resource or file path, which could be exploited by an attacker to access arbitrary files stored on the file system and directories stored on the file system.