제출 #752763: rachelos WeRSS WeRSS<=1.4.8 Pathname Traversal정보

제목	rachelos WeRSS WeRSS<=1.4.8 Pathname Traversal
설명	### Summary WeRSS(https://github.com/rachelos/we-mp-rss/)'s file download endpoint contains a path traversal vulnerability that allows authorized user to read sensitive files outside the intended application directory by crafting specially crafted HTTP requests. ## Detail https://www.notion.so/WeRSS-Path-Traversal-Vulnerability-Leads-to-Arbitrary-File-Read-2feea92a3c41804da1f1f5ddbf86e655
원천	⚠️ https://www.notion.so/WeRSS-Path-Traversal-Vulnerability-Leads-to-Arbitrary-File-Read-2feea92a3c41804da1f1f5ddbf86e655
사용자	din4 (UID 50867)
제출	2026. 02. 05. AM 10:12 (3 개월 ago)
모더레이션	2026. 02. 08. AM 09:32 (3 days later)
상태	수락
VulDB 항목	344933 [rachelos WeRSS we-mp-rss 까지 1.4.8 apis/tools.py download_export_file filename 디렉토리 순회]
포인트들	16

Interested in the pricing of exploits?

See the underground prices here!