
Qianxincodesafe

Researcher at 奇虎360代码卫士团队
#18128 of 53,639
15 total CVSS
Vulnerabilities · 2
High
2
PT-2019-17845
7.5
2019-01-10
Shopxo · Shopxo · CVE-2019-5887
**Name of the Vulnerable Software and Affected Versions**
ShopXO version 1.2.0

**Description**
The UnlinkDir method in FileUtil.php passes unchecked input parameters to rmdir. This enables attackers to delete arbitrary files using "../" directory traversal.

**Recommendations**
For ShopXO version 1.2.0, consider implementing input validation in the UnlinkDir method of FileUtil.php to prevent directory traversal attacks. As a temporary workaround, restrict access to the UnlinkDir method to minimize the risk of exploitation.
PT-2018-13975
7.5
2018-09-21
Hutool · Hutool · CVE-2018-17297
**Name of the Vulnerable Software and Affected Versions**
Hutool versions prior to 4.1.12

**Description**
The unzip function in ZipUtil.java allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.

**Recommendations**
For versions prior to 4.1.12, update to version 4.1.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the unzip function in ZipUtil.java to minimize the risk of exploitation.