CVEs-PoC/2018/CVE-2018-11248.md at 9fdf63f72aaf69c2cfcdf003f210c221cc422aaa

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-15 15:58:01 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.

POC

Reference

No PoCs from references.

Github

https://github.com/A-TPL-Bench/LibHunter
https://github.com/Anonymous-Phunter/PHunter
https://github.com/CGCL-codes/LibHunter
https://github.com/CGCL-codes/PHunter
https://github.com/LibHunter/LibHunter

850 B Raw Blame History

CVE-2018-11248

Description

POC

Reference

Github

850 B

Raw Blame History