Submit #624693: WuKongOpenSource WukongCRM v11.0 System Path Disclosure (CWE-209) info

Title: WuKongOpenSource WukongCRM v11.0 System Path Disclosure (CWE-209)
Description: A system path disclosure vulnerability exists in the /adminFile/upload endpoint. The application’s DTO (Data Transfer Object) layer is improperly configured, causing it to directly return the full entity object to the frontend. As a result, sensitive information such as the real file storage path on the server is exposed in API responses. This information can be leveraged by attackers to gain insights into the server’s file structure, increasing the risk of further exploitation.
Source: https://github.com/WuKongOpenSource/WukongCRM-11.0-JAVA/issues/26
User: meraklbz (UID 87053)
Submission: 2025-07-29 11:31 (9 months ago)
Moderation: 2025-08-10 21:08 (12 days later)
Status: Accepted
VulDB entry: 319383 [WuKongOpenSource WukongCRM 11.0 API Response /adminFile/upload information disclosure]
Points: 20
