| Título | https://github.com/yeqifu carRental latest Path Traversal |
|---|
| Descripción | carRental is an open-source web application developed based on SpringBoot. In carRental, there is neither permission verification nor input sanitization, which allows for path traversal and the ability to read arbitrary files.
com.yeqifu.sys.controller.FileController#downloadShowFile is the entrance to the taint, no authorization is required. The downloadFile() function in the com.yeqifu.sys.utils.AppFileUtils class does not filter the incoming path parameter and fails to validate, allowing attackers to inject characters such as ../ to perform path traversal, ultimately leading to arbitrary file download. The value of the path parameter uses a relative path format, allowing any file to be downloaded. |
|---|
| Fuente | ⚠️ https://github.com/yeqifu/carRental/issues/46 |
|---|
| Usuario | mukyuuhate (UID 93052) |
|---|
| Sumisión | 2025-12-24 14:26 (hace 4 meses) |
|---|
| Moderación | 2026-01-01 12:31 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 339354 [yeqifu carRental hasta 3fabb7eae93d209426638863980301d6f99866b3 com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path recorrido de directorios] |
|---|
| Puntos | 20 |
|---|