| عنوان | yeqifu warehouse aaf29962ba407d22d991781de28796ee7b4670e4 Arbitrary File Read |
|---|
| الوصف | An arbitrary file read vulnerability was discovered in AppFileUtils.java of the project https://github.com/yeqifu/warehouse. The affected functionality is an image display route (/file/showImageByPath?path=)that invokes AppFileUtils.java and accepts a user-controlled path parameter to locate files under a specified directory. Due to improper input validation, the path parameter is directly used to read files without verifying its legitimacy. By manipulating the path parameter with relative path sequences, an attacker can access, download, or view arbitrary files on the server. |
|---|
| المصدر | ⚠️ https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md |
|---|
| المستخدم | 5i1encee (UID 94076) |
|---|
| ارسال | 02/01/2026 11:33 AM (3 أشهر منذ) |
|---|
| الاعتدال | 02/01/2026 01:32 PM (2 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 339385 [yeqifu warehouse حتى aaf29962ba407d22d991781de28796ee7b4670e4 AppFileUtils.java createResponseEntity path اجتياز الدليل] |
|---|
| النقاط | 20 |
|---|