4 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the DownloadTmp function in CommonController.go when handling the fileName argument. An attacker can access arbitrary files on the server by supplying crafted input remotely. Details A Directory Traversal attack...
CVE-2025-9409
A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack...
PT-2025-34680 · Lostvip Com · Ruoyi-Go
Name of the Vulnerable Software and Affected Versions: lostvip-com ruoyi-go versions prior to 2.1 Description: A security flaw exists in the DownloadTmp/DownloadUpload function within the modules/system/controller/CommonController.go file. Manipulation of the fileName argument can lead to a path...
ruoyi-go 路径遍历漏洞
ruoyi-go is a backend management system for individual developers at lostvip.com. A path traversal vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from the improper handling of the fileName parameter in the DownloadTmp/DownloadUpload function in the file...