You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
And I noticed it only fixes the path traversal in file upload, while file deletion is still vulnerable.
Thus, it's possible to delete any file outside application's webroot:
Hi,
I was looking at the fix to #1035:

And I noticed it only fixes the path traversal in file upload, while file deletion is still vulnerable.

Thus, it's possible to delete any file outside application's webroot:
POC request:
The text was updated successfully, but these errors were encountered: