Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')Referenceshttps://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344
