Alog CMS system XSS arbitrary File Download read vulnerability-vulnerability warning-the black bar safety net

| Alog CMS Background any download any remove any of the columns of the directory 漏洞 文件 :admin/mod/uploadfile.mod.php $baseDir = SITEROOT.'static/upload/'; $currentDir = $GET'dir' ? $GET'dir' : $POST'dir' ? $POST'dir' : "; //without any filter $currentPath = $baseDir.$ currentDir; Any download...