A directory traversal vulnerability was discovered in WUZHI CMS 4.1.0.
Directory traversal allows authenticated remote attackers to list files in any directory.
Vulnerability in /coreframe/app/attachment/admin/index.php:
Although the "str_replace" function filters some characters, the blacklist can still be bypassed with ".....///".
1. Log in as admin
2. Vulnerability trigger point: http://www.test.com/index.php?m=attachment&f=index&_su=wuzhicms&v=dir&dir=/.....///.....///.....///.....///
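The following added example (not code from WUZHI CMS or from this report) shows why a single-pass `str_replace` blacklist leaves a traversal sequence behind for the reported pattern, next to a canonicalise-then-check alternative. The search list, the function names `blacklist_filter` and `resolve_inside`, and the demo directory are assumptions made for illustration.

```php
<?php
// Assumed filter: a blacklist of the kind the report describes.
// The search list is illustrative, not copied from WUZHI CMS.
function blacklist_filter(string $dir): string
{
    // str_replace() handles the search strings one after another, each in a
    // single left-to-right pass, and never rescans the text it has just
    // joined together. Removing one sequence can therefore form another.
    return str_replace(['..\\', '../', './', '.\\'], '', $dir);
}

// Hardened form: resolve the path first, then require the canonical result
// to be the attachment root itself or a path below it.
function resolve_inside(string $base, string $dir): ?string
{
    $root = realpath($base);
    $path = realpath($base . DIRECTORY_SEPARATOR . $dir);
    if ($root === false || $path === false) {
        return null; // base or target does not exist
    }
    if ($path !== $root && strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null; // canonical path is outside the root
    }
    return $path;
}

// Constructed sample layout under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploadfile_demo';
if (!is_dir($base . DIRECTORY_SEPARATOR . '2018')) {
    mkdir($base . DIRECTORY_SEPARATOR . '2018', 0700, true);
}

$input    = '/.....///.....///';        // pattern taken from the report
$filtered = blacklist_filter($input);   // still contains "../" segments

echo "after blacklist:  ", $filtered, PHP_EOL;
echo "blacklist result accepted by root check: ",
     var_export(resolve_inside($base, $filtered) !== null, true), PHP_EOL;
echo "legitimate subdirectory accepted:        ",
     var_export(resolve_inside($base, '2018') !== null, true), PHP_EOL;
```

Because the root check operates on the canonical path rather than on the raw string, it does not depend on enumerating every spelling of a parent-directory reference.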