2 matches found
PT-2024-28813 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35. Description: A Cross-Site Request Forgery (CSRF) issue was discovered in idccms. The vulnerability can be exploited via the "/admin/serverFile deal.php" endpoint, specifically when the mudi parameter is set to "upFileDel" an...
fasthttp Path Traversal Vulnerability
fasthttp is a fast HTTP implementation for Go. A security vulnerability exists in fasthttp versions prior to 1.34.0, which stems from a lack of valid filter escaping in the ServerFile function, leading to directory traversal. An attacker can send the "/%5c" character to exploit this vulnerability...