CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-10 15:59:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
71b0cee710ed54e668d68c977dc8a01eece35241
CVEs-PoC/2018/CVE-2018-11248.md
T
0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00

713 B
Raw Blame History

CVE-2018-11248

Description

util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink