Submit #633661: github ruoyi-go 2.1 Directory Traversalinfo

Titelgithub ruoyi-go 2.1 Directory Traversal
BeschreibungRuoyi Background Management System (Golang version), based on gin + gorm, supports MyBatis-style separation of SQL and Go code. It features an extremely concise code style and adopts traditional template engine technology, making it suitable for back-end developers to work on a project independently. Due to the lack of any filtering and restrictions on the parameters of the download function, an arbitrary file download vulnerability is caused.
Quelle⚠️ https://github.com/on-theway/cve/issues/1
Benutzer
 OnTheWay (UID 88937)
Einreichung13.08.2025 15:11 (vor 11 Monaten)
Moderieren25.08.2025 10:45 (12 days later)
StatusAkzeptiert
VulDB Eintrag321250 [lostvip-com ruoyi-go bis 2.1 CommonController.go DownloadTmp/DownloadUpload fileName Directory Traversal]
Punkte20

Want to know what is going to be exploited?

We predict KEV entries!