Submission #597524: yzcheng90 X-SpringBoot master branch Path Traversal

Title: yzcheng90 X-SpringBoot master branch Path Traversal

Description: In the X-SpringBoot project, the file upload API /sys/oss/upload/apk contains the following issue: The method creates a temporary file using the filename obtained from external parameters, and deletes the temporary file after copying. An attacker can exploit this by crafting the path of the temporary file to delete any .apk file on the system. Moreover, invoking this interface does not require any permission verification.

Project Link: https://github.com/yzcheng90/X-SpringBoot
Affected Version: master branch
Affected API: /sys/oss/upload/apk
Code Location: /src/main/java/com/suke/czx/modules/oss/controller/SysOssController.java:83

Source: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md
User: ShenxiuSecurity (UID 84374)
Submission: 16/06/2025 08:36 AM (1 year ago)
Moderation: 26/06/2025 05:54 PM (10 days later)
Status: Accepted
VulDB entry: 314006 [yzcheng90 X-SpringBoot up to 5.0 APK File /sys/oss/upload/apk uploadApk file path traversal]
Points: 20
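
A hardened form of the temp-file handling named in the description, as an added example that is not X-SpringBoot's code: the client filename is validated as a single path component, and the temporary file that gets deleted is named by the JDK rather than by the request. The class name, method name and upload directory are assumptions, and authorization for the endpoint has to be enforced separately.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.regex.Pattern;

// Hypothetical helper; names and directory layout are assumptions.
public final class SafeApkUpload {
    // One path component only: no separators, so no traversal is expressible.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9._-]{1,100}\\.apk");

    private final Path storeDir;

    public SafeApkUpload(Path storeDir) throws IOException {
        // Canonicalise once so later containment checks compare real paths.
        this.storeDir = Files.createDirectories(storeDir).toRealPath();
    }

    public Path store(String clientFilename, InputStream body) throws IOException {
        if (clientFilename == null || !SAFE_NAME.matcher(clientFilename).matches()) {
            throw new IllegalArgumentException("rejected upload filename");
        }
        // Defence in depth: the resolved destination must stay inside storeDir.
        Path dest = storeDir.resolve(clientFilename).normalize();
        if (!dest.startsWith(storeDir)) {
            throw new IllegalArgumentException("destination escapes upload directory");
        }
        // The temporary file name is generated by the JDK, never by the client.
        Path tmp = Files.createTempFile(storeDir, "upload-", ".tmp");
        try {
            Files.copy(body, tmp, StandardCopyOption.REPLACE_EXISTING);
            // No REPLACE_EXISTING here: an existing .apk is not overwritten.
            Files.move(tmp, dest);
            return dest;
        } finally {
            // Removes only the server-generated temp file; no-op after a successful move.
            Files.deleteIfExists(tmp);
        }
    }
}
```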
