Similar APIs designed to upload files from authenticated users did not properly sanitize their destination input, allowing directory traversal attacks which could eventually allow an authenticated attacker to execute code on the controller.

So the directory traversal actually allows an unauthenticated attacker to execute code or store code on the controller.
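To show what sanitizing the destination input involves, here is an added example (not code from the original post or from the affected product) that puts a naive join beside a containment check. The function names, the upload root and the sample destinations are all constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_destination(upload_root: str, user_dest: str) -> str:
    """Vulnerable pattern: trusts the client-supplied destination."""
    # os.path.join drops upload_root when user_dest is absolute, and
    # normpath collapses "../" segments above the root.
    return os.path.normpath(os.path.join(upload_root, user_dest))


def safe_destination(upload_root: str, user_dest: str) -> Path:
    """Resolve user_dest under upload_root or raise ValueError."""
    if "\x00" in user_dest:
        raise ValueError("NUL byte in destination")
    root = Path(upload_root).resolve()
    # resolve() follows symlinks and collapses "..", so the check runs
    # on the path the OS would actually write to.
    candidate = (root / user_dest).resolve()
    # Component-wise containment: a sibling such as "uploads_evil" does
    # not pass just because it shares a string prefix with the root.
    if root not in candidate.parents:
        raise ValueError(f"destination escapes upload root: {user_dest!r}")
    return candidate


def check_samples() -> dict:
    """Run constructed sample destinations through safe_destination."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")
        os.makedirs(root)
        # A symlink inside the root that points outside it.
        os.symlink(tmp, os.path.join(root, "link"))
        samples = ["logo.png", "img/logo.png", "../outside.txt",
                   "/tmp/outside.txt", "img/../../uploads_evil/x",
                   "link/x", "."]
        for dest in samples:
            try:
                safe_destination(root, dest)
                results[dest] = "accepted"
            except ValueError:
                results[dest] = "rejected"
    return results
```

The check only validates the path at resolution time; the write itself should still happen under a service account that has no write access outside the upload root.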

So…

Joy Ghosh

Security Researchers | Ctf Player | Web-Application Pen-tester | Programmer
