Submit #597524: yzcheng90 X-SpringBoot master branch Path Traversal

Title: yzcheng90 X-SpringBoot master branch Path Traversal

Description: In the X-SpringBoot project, the file upload API /sys/oss/upload/apk contains the following issue: The method creates a temporary file using the filename obtained from external parameters, and deletes the temporary file after copying. An attacker can exploit this by crafting the path of the temporary file to delete any .apk file on the system. Moreover, invoking this interface does not require any permission verification.

Project Link: https://github.com/yzcheng90/X-SpringBoot
Affected Version: master branch
Affected API: /sys/oss/upload/apk
Code Location: /src/main/java/com/suke/czx/modules/oss/controller/SysOssController.java:83

Source: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md
User: ShenxiuSecurity (UID 84374)
Submission: 2025-06-16 08:36 (1 year ago)
Moderation: 2025-06-26 17:54 (10 days later)
Status: Accepted
VulDB Entry: 314006 [yzcheng90 X-SpringBoot up to 5.0 APK File /sys/oss/upload/apk uploadApk File directory traversal]
Points: 20
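
An added example, not taken from the X-SpringBoot code base or from the submission: one way to stage an uploaded .apk so that the temporary file's name never comes from the request, which is the root cause the description names. The class name, the `store` helper, the allow-list pattern and the sample inputs are assumptions made for illustration; authorization on the endpoint is a separate control and is not shown.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.regex.Pattern;

public class SafeApkUpload {
    // Assumed allow-list: a plain file name ending in .apk, no path separators.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,99}\\.apk");

    // Hypothetical helper: validates the client-supplied name, stages the
    // upload in a server-named temp file, copies it into destDir.
    static Path store(InputStream upload, String clientName, Path destDir) throws IOException {
        if (clientName == null || !SAFE_NAME.matcher(clientName).matches()) {
            throw new IllegalArgumentException("rejected file name");
        }
        Path root = destDir.toRealPath();
        Path target = root.resolve(clientName).normalize();
        if (!target.startsWith(root)) { // defence in depth after the allow-list
            throw new IllegalArgumentException("path escapes upload directory");
        }
        // The temp file name is generated by the JDK, never derived from the request.
        Path tmp = Files.createTempFile("upload-", ".apk");
        try {
            Files.copy(upload, tmp, StandardCopyOption.REPLACE_EXISTING);
            Files.copy(tmp, target, StandardCopyOption.REPLACE_EXISTING);
        } finally {
            Files.deleteIfExists(tmp); // removes only the file created above
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("apk-store");
        byte[] data = {0x50, 0x4b, 0x03, 0x04}; // constructed sample bytes
        System.out.println("stored: " + store(new ByteArrayInputStream(data), "app-1.0.apk", dir));
        // Constructed names that must be refused before any file is touched.
        for (String bad : new String[] {"../other.apk", "/tmp/x.apk", "a\\b.apk", ".apk"}) {
            try {
                store(new ByteArrayInputStream(data), bad, dir);
                System.out.println("accepted (unexpected): " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + bad);
            }
        }
    }
}
```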
