Unknown · Gin-Vue-Admin · CVE-2026-22786
**Name of the Vulnerable Software and Affected Versions**
Gin-vue-admin versions prior to 2.8.8
**Description**
Gin-vue-admin, a backstage management system based on Vue and Gin, contains a path traversal issue in the breakpoint resume upload functionality. The vulnerability exists because the `MakeFile` function in the `breakpoint_continue.go` file directly concatenates the `fileName` parameter with the base directory path (`./fileDir/`) and passes the result to `os.OpenFile()` without validating it for directory traversal sequences such as `../`. An attacker with file upload privileges can exploit this to upload arbitrary files to any directory. The vulnerable API endpoint is `/fileUploadAndDownload/breakpointContinueFinish`, and the vulnerable parameter is `fileName`.
**Recommendations**
Update Gin-vue-admin to version 2.8.8 or later.
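
For code that builds upload paths the way the description outlines, a containment check such as the following rejects traversal in a client-supplied file name before anything reaches `os.OpenFile()`. This is an added example, not the Gin-vue-admin patch or code from the project; the `safeJoin` helper, `ErrTraversal` and the sample file names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a client-supplied name would escape the base directory.
var ErrTraversal = errors.New("file name escapes upload directory")

// safeJoin (hypothetical helper) resolves fileName under baseDir and rejects
// any result that is not strictly inside baseDir.
func safeJoin(baseDir, fileName string) (string, error) {
	if fileName == "" || strings.ContainsRune(fileName, 0) {
		return "", ErrTraversal
	}
	// Treat backslashes as separators too, so "..\\x" is caught on every OS.
	name := strings.ReplaceAll(fileName, "\\", "/")
	if filepath.IsAbs(name) || strings.HasPrefix(name, "/") {
		return "", ErrTraversal
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// Join cleans the path, so "a/../../b" collapses before the containment test.
	target := filepath.Join(base, filepath.FromSlash(name))
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return target, nil
}

func main() {
	// Constructed sample inputs; "./fileDir/" is the base directory named in the advisory.
	samples := []string{"report.pdf", "sub/part.bin", "../../etc/cron.d/job",
		"..\\..\\x", "/etc/passwd", "a/../../b"}
	for _, n := range samples {
		p, err := safeJoin("./fileDir/", n)
		fmt.Printf("%-26q -> %q err=%v\n", n, p, err)
	}
}
```

The check is purely lexical: it does not resolve symlinks that already exist inside the base directory.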