sz-boot-parent sz-boot-parent <= v1.3.2-beta Arbitrary_File_Readالمعلومات

عنوان	feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta Arbitrary_File_Read
الوصف	The API `/api/admin/common/download/templates?templateName=../application.yml` is vulnerable to directory traversal, which allows attackers to read arbitrary resource files on the server. In the `CommonServiceImpl.java` file, the `templateName` parameter is directly concatenated to the `templatePath` that starts with `classpath:/templates/` for resource acquisition. This improper parameter handling enables attackers to use the `../` sequence to break out of the `templates` directory, thereby gaining unauthorized access to and reading any resource file on the server.
المصدر	⚠️ https://github.com/yuccun/CVE/blob/main/sz-boot-parent-Path_Traversal_to_Arbitrary_Resource_File_Read.md
المستخدم	yuccun (UID 93614)
ارسال	07/02/2026 08:08 PM (3 أشهر منذ)
الاعتدال	25/02/2026 09:32 AM (18 days later)
الحالة	تمت الموافقة
إدخال VulDB	347746 [feiyuchuixue sz-boot-parent حتى 1.3.2-beta API templates templateName اجتياز الدليل]
النقاط	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!