Drogon is an open source HTTP application framework based on C 14/17. Drogon can be used to easily build various types of web application server programs using C. An access control error vulnerability exists in the Drogon framework, which stems from the productβs HttpFile::save() method not restricting the file name during upload during upload. An attacker could write a file to an arbitrary location outside of the specified destination folder.