114514

Name of the Vulnerable Software and Affected Versions: Doufox versions up to 0.2.0 Description: A critical issue was found in Doufox, affecting an unknown functionality of the file "/?s=doudou&c=file&a=list". The manipulation of the `dir` argument leads to path traversal. This issue can be exploited remotely. Recommendations: For Doufox versions up to 0.2.0, as a temporary workaround, consider restricting access to the "/?s=doudou&c=file&a=list" endpoint until a patch is available. Avoid using the `dir` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.