Submit #514721: VBlog 1.0.0 Unrestricted Upload

Title: VBlog 1.0.0 Unrestricted Upload
Description: In the file blogserver/src/main/java/org/sang/controller/ArticleController.java, the function uploadImg does not verify the type of the file and just saves it to disk. Meanwhile, imgFolderPath is generated from the user input filePath, which can be set to /../../; thus, the file can be uploaded to any path.
Source: https://www.notion.so/Arbitrary-File-Upload-Vulnerability-in-VBlog-1-0-0-1adc693918ed8067b19ed9c61381024b
User: s0l42 (UID 82389)
Submission: 05.03.2025 07:34 (1 year ago)
Moderation: 16.03.2025 10:28 (11 days later)
Status: Accepted
VulDB entry: 299862 [lenve VBlog up to 1.0.0 ArticleController.java uploadImg filename Directory Traversal]
Points: 14
