CVE-2024-2564
CVE-2024-2564 affects PandaXGO PandaX up to 20240310 . The vulnerability is in the function ExportUser (file /apps/system/api/user.go ); manipulating the filename parameter enables a path traversal (e.g., '../filedir'), potentially allowing access to files outside the intended directory. Exploita...