| Titel | linlinjava litemall <=v1.8.0 Arbitrary File Deletion |
|---|
| Beschreibung | An arbitrary file deletion vulnerability exists in the Litemall system at the /admin/storage/delete endpoint. Due to insufficient validation of user-provided input, authenticated users with delete permissions can craft requests to remove any file from the server's file system, including critical system files. This vulnerability poses a high risk as it can directly lead to denial of service or further compromise of the system. |
|---|
| Quelle | ⚠️ https://github.com/linlinjava/litemall/issues/564 |
|---|
| Benutzer | ez-lbz (UID 87033) |
|---|
| Einreichung | 28.07.2025 03:37 (vor 9 Monaten) |
|---|
| Moderieren | 08.08.2025 15:25 (11 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 319250 [linlinjava litemall bis 1.8.0 File /admin/storage/delete key Directory Traversal] |
|---|
| Punkte | 19 |
|---|