| عنوان | https://github.com/yeqifu carRental latest Path Traversal |
|---|
| الوصف | carRental is an open-source web application developed based on SpringBoot. In carRental, there is neither permission verification nor input sanitization, which allows for path traversal and the ability to read arbitrary files.
com.yeqifu.sys.controller.FileController#downloadShowFile is the entrance to the taint, no authorization is required. The downloadFile() function in the com.yeqifu.sys.utils.AppFileUtils class does not filter the incoming path parameter and fails to validate, allowing attackers to inject characters such as ../ to perform path traversal, ultimately leading to arbitrary file download. The value of the path parameter uses a relative path format, allowing any file to be downloaded. |
|---|
| المصدر | ⚠️ https://github.com/yeqifu/carRental/issues/46 |
|---|
| المستخدم | mukyuuhate (UID 93052) |
|---|
| ارسال | 24/12/2025 02:26 PM (4 أشهر منذ) |
|---|
| الاعتدال | 01/01/2026 12:31 PM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 339354 [yeqifu carRental حتى 3fabb7eae93d209426638863980301d6f99866b3 com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path اجتياز الدليل] |
|---|
| النقاط | 20 |
|---|