github.com/b3log/wide is vulnerable to many arbitrary file read and write attacks. The attacker can launch three types of attacks: (1) writing arbitrary code in the editor and running three times for read access to arbitrary files. (2) creating a symlink for a ZIP archive to trigger an arbirary file read and write to symlink target during unzipping (according to file permissions) (3) importing a Git repository with a symlink to trigger an arbitary file read and write.