CVE-2024-2563 | PandaXGO PandaX up to 20240310 upload.go DeleteImage fileName path traversal

CVE-2024-2563 | PandaXGO PandaX up to 20240310 upload.go DeleteImage fileName path traversal

A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. This vulnerability was named CVE-2024-2563. The attack can be initiated remotely. Furthermore, there is an exploit available.