| Titel | https://github.com/1541492390c/yougou-mall yougou-mall 1.0 Delete any file |
|---|
| Beschreibung | The 1.0 version of Yougou all's ResourceController. java interface has an arbitrary file deletion vulnerability, as its interface does not fully detect file names and directories, allowing attackers to exploit it The./symbol is encoded to bypass detection, causing arbitrary file deletion.
This code only segments the target string using '/' and only verifies if the segmented segment is' Or To prevent path traversal risks, this protection mechanism has significant flaws. Attackers can bypass detection in various ways, triggering directory traversal vulnerabilities and ultimately leading to high-risk security consequences such as arbitrary file deletion |
|---|
| Quelle | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md |
|---|
| Benutzer | zyhsec (UID 93418) |
|---|
| Einreichung | 21.12.2025 10:38 (vor 4 Monaten) |
|---|
| Moderieren | 27.12.2025 21:08 (6 days later) |
|---|
| Status | Duplikat |
|---|
| VulDB Eintrag | 337600 [1541492390c yougou-mall bis 0a771fa817c924efe52c8fe0a9a6658eee675f9f ResourceController.java upload/delete Directory Traversal] |
|---|
| Punkte | 0 |
|---|