A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.Referenceshttps://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitationhttps://github.com/mefulton/asustorexploithttp://seclists.org/fulldisclosure/2018/May/2
