CVE-2024-2563
The CVE-2024-2563 entry concerns PandaXGO PandaX up to 20240310. A path traversal flaw exists in the DeleteImage function in /apps/system/router/upload.go, where an attacker can manipulate the fileName parameter (e.g., ../../../../../../../../../tmp/1.txt) to traverse to ../filedir. The issue is ...