An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.