| Field | Value |
|---|---|
| Title | yohann (https://github.com/Yohann0617) oci-helper <=V3.2.4 Directory/Path Traversal |
| Description | A path traversal vulnerability exists in oci-helper version 3.2.4 and earlier in the OCI configuration upload functionality. The application fails to properly validate user-supplied filenames when processing file uploads through the /api/oci/addCfg endpoint. An authenticated attacker can exploit this vulnerability by uploading a file with a specially crafted filename containing path traversal sequences (e.g., ../../../), allowing arbitrary file write to any location on the server filesystem where the application has write permissions. Successful exploitation can lead to complete system compromise through SSH key replacement, configuration tampering, or malicious code injection via cron jobs. The vulnerability is present in the OciServiceImpl.addCfg() method at line 146, where MultipartFile.getOriginalFilename() is directly concatenated with the base directory path without sanitization. CVSS v3.1 Base Score: 8.1 (High) - AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. |
| Source | https://github.com/Xzzz111/exps/blob/main/archives/oci-helper-path-traversal-1/report.md |
| User | sh7err05 (UID 92498) |
| Submission | 10/11/2025 03:03 PM (7 months ago) |
| Moderation | 02/12/2025 10:35 AM (22 days later) |
| Status | Approved |
| VulDB Entry | 334031 [Yohann0617 oci-helper up to 3.2.4 OCI Configuration Upload OciServiceImpl.java addCfg File Directory Traversal] |
| Points | 20 |