| Titel | https://github.com/cld378632668/JavaMall JavaMall 1.0 Upload any file |
|---|
| Beschreibung | The MinioController.java interface of JavaMall 1.0 version has an arbitrary file upload vulnerability. Its interface does not detect file suffixes and does not have a method to prevent directory traversal. Attackers can upload any type of file, which may result in getshell and more serious consequences
In the upload method, after receiving the file name and file suffix, the file name and file suffix are directly concatenated into the new file name without any processing or type restrictions on the file suffix, which allows attackers to upload any type of file, causing any file upload loophole, and also without any interference Detecting and filtering, resulting in directory traversal vulnerabilities. |
|---|
| Quelle | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/javamall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
|---|
| Benutzer | zyhsec (UID 93418) |
|---|
| Einreichung | 23.12.2025 14:27 (vor 4 Monaten) |
|---|
| Moderieren | 04.01.2026 09:39 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 339481 [cld378632668 JavaMall bis 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 MinioController.java upload erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|