| Titel | https://github.com/cld378632668/JavaMall JavaMall 1.0 Delete any file |
|---|
| Beschreibung | The MinioController.java interface of JavaMall 1.0 version has an arbitrary file deletion vulnerability. Its interface does not detect file names and file suffixes, nor does it have a method to prevent directory traversal. Attackers can delete arbitrary files by modifying the passed file names and file suffixes, causing serious consequences
In this call chain, there are no restrictions on file names and file suffixes, nor are there any restrictions. Through filtering, attackers can perform directory traversal and arbitrary file deletion by controlling the incoming file names. |
|---|
| Quelle | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/JavaMall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md |
|---|
| Benutzer | zyhsec (UID 93418) |
|---|
| Einreichung | 23.12.2025 14:48 (vor 4 Monaten) |
|---|
| Moderieren | 04.01.2026 09:39 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 339482 [cld378632668 JavaMall bis 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 MinioController.java delete objectName Directory Traversal] |
|---|
| Punkte | 20 |
|---|