Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the DownloadTmp function in CommonController.go when handling the fileName argument. An attacker can access arbitrary files on the server by supplying crafted input remotely. Details A Directory Traversal attack...