A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function
DeleteImage
of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt
leads to path traversal: ‘../filedir’.
This vulnerability was named CVE-2024-2563. The attack can be initiated remotely. Furthermore, there is an exploit available.