The developer use str_replace to delete '../' in /app/system/system/admin/filept.class.php: doGetFileList, but this is not safe enough becase it can be bypassed by '..././' or '....//'.
Payload
The text was updated successfully, but these errors were encountered:
Vulnerability Name: Metinfo CMS Background Directory Traversal
Product Homepage: https://www.metinfo.cn/
Software link: https://u.mituo.cn/api/metinfo/download/7.0.0
Version: V7.0.0
The developer use str_replace to delete '../' in
/app/system/system/admin/filept.class.php: doGetFileList, but this is not safe enough becase it can be bypassed by '..././' or '....//'.Payload
The text was updated successfully, but these errors were encountered: