The code is vulnerable remote code execution vulnerability via Path Traversal. Payload like this works: ?dir=
.././user/profile.pngThe code is vulnerable remote code execution vulnerability via Path Traversal. Payload like this works: ?dir=
.././user/profile.png