Closed
Issue #1931 · opened by hakong · ·

"Add new Webdav user" can chmod and chown entire server from client interface

Through the client interface, I was able to chmod and chown the root directory (/) of my server to web3:client9 and 770 using the "Add new Webdav user" by using ../../../../../../../../../../../../ as a path. This can probably be exploited in some way too.

0
0