| Field | Value |
|---|---|
| Title | Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Arbitrary File Deletion Vulnerability |
| Description | 1. Vulnerability Name: Arbitrary File Deletion Vulnerability in the BBC Mall of Kingdee Cloud-Starry-Sky Enterprise Edition<br>2. Vulnerability Contributor and Submitter: caichaoxiong (蔡超雄)<br>3. Vulnerability Level: High risk<br>4. Vulnerability Description: The fileUpload/deleteFileAction.jhtml interface of the background service of the Kingdee Cloud Star Enterprise Edition application component BBC Mall (Tomcat-BBCMallSite) does not effectively filter directory traversal sequences ("../", "..\") from the user-supplied parameter. A user can therefore pass a file path to the delete action that points outside the intended directory and delete files at any location on the background service, leading to serious consequences such as the loss of background service files and data.<br>5. Repair Plan:<br>(1) Strictly validate the file path or file name provided by the user, ensuring the input conforms to the expected format and rejecting maliciously constructed paths (such as ../../).<br>(2) Use the File.getCanonicalPath() method to convert the user-supplied path to an absolute, canonical path and check that it lies within the allowed directory.<br>(3) Allow only pre-defined files or directories to be deleted, and reject every file operation request that is not on the whitelist.<br>(4) Add permission control to the fileUpload/deleteFileAction.jhtml interface, for example so that users can only delete files they uploaded themselves. |
| Source | https://wx.mail.qq.com/s?k=nFbp0U0gSX0QVechIO |
| User | caichaoxiong (UID 84060) |
| Submission | 04/05/2025 04:18 PM (12 months ago) |
| Moderation | 21/05/2025 12:51 PM (17 days later) |
| Status | Approved |
| VulDB Entry | 309847 [Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 File deleteFileAction.jhtml filePath path traversal] |
| Points | 17 |
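The repair plan above (canonicalize with File.getCanonicalPath(), check containment in the allowed directory, whitelist and ownership), shown as an added Java example that is not Kingdee's code: the upload root, the uploads/<userId>/ layout and the method names are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example (not Kingdee's code): a delete action hardened as in the repair plan.
// The upload root and the uploads/<userId>/ layout are assumptions.
public class SafeDelete {
    /** Resolve the user-supplied filePath under root; refuse it if the canonical result escapes. */
    static Path resolveInsideRoot(Path root, String userPath) throws IOException {
        if (userPath == null || userPath.isEmpty()) {
            throw new IllegalArgumentException("empty filePath");
        }
        // Canonicalize BOTH sides so "..", "..\", symlinks and mixed separators are resolved
        // by the OS instead of by a string filter that an encoded variant could slip past.
        Path rootCanon = root.toFile().getCanonicalFile().toPath();
        Path target = new File(rootCanon.toFile(), userPath).getCanonicalFile().toPath();
        // Component-wise containment, not a string prefix: "/uploads2/x" must not pass for
        // root "/uploads"; the root directory itself is never a valid delete target either.
        if (!target.startsWith(rootCanon) || target.equals(rootCanon)) {
            throw new SecurityException("filePath escapes upload root: " + userPath);
        }
        return target;
    }

    /** Ownership + whitelist check: delete only a regular file under uploads/<userId>/. */
    static boolean deleteOwnFile(Path root, String userId, String userPath) throws IOException {
        Path target = resolveInsideRoot(root, userPath);
        Path userDir = resolveInsideRoot(root, userId);   // userId comes from the session, still validated
        if (!target.startsWith(userDir)) {
            throw new SecurityException("file is not owned by " + userId);
        }
        if (!Files.isRegularFile(target)) {
            return false;                                 // directories and missing files: no-op
        }
        return Files.deleteIfExists(target);
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("uploads");                 // constructed sandbox
        Path mine = Files.createDirectories(root.resolve("u42")).resolve("report.pdf");
        Files.write(mine, new byte[] {1, 2, 3});
        System.out.println("deleted own file: " + deleteOwnFile(root, "u42", "u42/report.pdf"));
        for (String bad : new String[] {"../../etc/passwd", "u42/../u7/secret.txt", "u7/secret.txt"}) {
            try { deleteOwnFile(root, "u42", bad); }
            catch (SecurityException e) { System.out.println("rejected: " + bad); }
        }
    }
}
```

The containment test compares path components after canonicalization on both sides, which is what makes it robust against traversal sequences, symlinks and sibling directories that share a name prefix with the root.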