Key Information

Vulnerability Type: Path Traversal Vulnerability
Affected API Route:

Issue Description

No validation is performed on uploaded file names during file upload processing. Allows attackers to access or manipulate arbitrary files on the server by crafting malicious file names.

Relevant Code Snippets

1. Inadequate file extension validation:
2. No filename validation during ZIP file processing:

POC (Proof of Concept)

Send request using Web frontend standalone mode. Craft malicious file names to access arbitrary directories on the server.

Result

Successfully accessed and read the contents of the server's file. Attackers can further exploit this vulnerability to perform file reading, writing, and other operations.

Risk

Attackers can access sensitive files via path traversal, leading to data leakage or system tampering.
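One way to close both gaps listed under Relevant Code Snippets is to validate every ZIP member name before anything is written. This is an added example, not the affected project's code; the function names, the `UnsafeArchiveError` class and the extension allowlist are assumptions made for illustration.

```python
import io
import os
import zipfile

ALLOWED_EXTENSIONS = {".txt", ".md", ".csv"}  # assumed allowlist, not from the advisory


class UnsafeArchiveError(ValueError):
    """Raised when an archive member name fails validation."""


def safe_member_path(dest_dir, member_name):
    """Return the absolute write target for member_name, or raise if it is unsafe."""
    name = member_name.replace("\\", "/")  # treat Windows separators like "/"
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise UnsafeArchiveError(f"absolute path in archive: {member_name!r}")
    if ".." in name.split("/"):
        raise UnsafeArchiveError(f"parent-directory segment: {member_name!r}")
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        raise UnsafeArchiveError(f"extension not allowed: {member_name!r}")
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, *name.split("/")))
    # Containment check on the resolved path also catches symlinked subdirectories.
    if os.path.commonpath([root, target]) != root:
        raise UnsafeArchiveError(f"resolves outside upload dir: {member_name!r}")
    return target


def extract_upload(zip_bytes, dest_dir):
    """Validate all members first, then write; one bad name rejects the whole upload."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        targets = [safe_member_path(dest_dir, i.filename) for i in members]
        for info, target in zip(members, targets):
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return targets


def constructed_zip(entries):
    """Build an in-memory ZIP from {name: bytes}; constructed sample input for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Validating the full member list before the first write means a rejected archive leaves the upload directory untouched.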