2 matches found
Directory Traversal
FileDownloader is vulnerable to directory traversal. Because util/FileDownloadUtils.java does not check the filename, an attacker can trigger the attack by sending a file attachment's name with ../...
CVE-2018-11248
CVE-2018-11248 affects FileDownloader 1.7.3, where util/FileDownloadUtils.java does not properly validate the attachment name. An attacker can supply a filename containing ../, enabling directory traversal and potential storage outside the intended directory. This vulnerability is describ...