Discovered by Jake Cleland on behalf of The Missing Link Security
MicroRealEstate used parameters passed in a URL to determine file paths when writing uploaded files to disk. As a result, adversaries could control parts of the file path to write files to unauthorised directories, potentially overwriting system files and corrupting the platform.
Fixed Versions:
N/A