Description

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.

PUBLISHED Reserved 2026-04-21 | Published 2026-05-11 | Updated 2026-05-11 | Assigner certcc

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Any version: affected

References

www.kb.cert.org/vuls/id/937808

kb.cert.org/vuls/id/937808

cve.org (CVE-2026-6815)

nvd.nist.gov (CVE-2026-6815)
