[Original text] Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe.
eFileGo Server Traversal Arbitrary Command Execution
Remote / Network Access
Denial of Service,
Loss of Availability
eFileGo contains a flaw that allows a remote attacker to execute programs outside of the web path. The issue is due to the eFileGo server not properly sanitizing user input, specifically traversal-style attacks (../../) supplied to the server.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
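The missing input check described above, sketched as an added example (not eFileGo code): a server-side resolver that rejects dot-only path segments of any length, covering both the `...` and `../../` forms named in this entry, and then confirms the result stays under the web root. The root path, function names and sample requests are assumptions constructed for illustration; the same check would apply to a file name passed as an upload argument.

```python
import posixpath
import re
from urllib.parse import unquote

WEB_ROOT = "/srv/fileserver/webroot"   # hypothetical web root (assumption)
DOT_RUN = re.compile(r"^\.{2,}$")      # "..", "...", "....", and so on


class TraversalError(ValueError):
    """Raised when a request path tries to leave the web root."""


def resolve_request_path(raw_path, root=WEB_ROOT):
    # Decode repeatedly so %2e%2e or double-encoded dots cannot hide.
    decoded = raw_path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        raise TraversalError("too many encoding layers")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslash as a separator too, since Windows servers accept both.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s]
    for seg in segments:
        if DOT_RUN.match(seg.strip()):
            raise TraversalError("dot-only segment: %r" % seg)
        if ":" in seg:
            raise TraversalError("drive or stream specifier: %r" % seg)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Final containment check, independent of the segment filter above.
    if candidate != root and not candidate.startswith(root + "/"):
        raise TraversalError("resolved outside web root")
    return candidate


def is_allowed(raw_path):
    try:
        resolve_request_path(raw_path)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for req in ["/docs/readme.txt", "/.../a.txt", "/..%2f..%2fa.txt",
                "/%252e%252e%252e/a.txt", "..\\..\\a.txt"]:
        print(req, "->", "allowed" if is_allowed(req) else "rejected")
```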