Directory traversal exists in dedecms v5.7.87
There is a vulnerability file:uploads/include/dialog/select_templets.php
The $activepath parameter is controllable, and there is a regular bypass.
The dir() function lists the directory, then the read() function loops through the contents of the directory.
By way of... \ Can bypass filtering to achieve directory traversal, resulting in directory traversal


