| Titre | JoeyBling bootplus 1.0 any file download available |
|---|
| Description | The download method of src/main/java/io/github/controller/SysFileController.java does not filter the name parameter, resulting in the absolute path of the input file being able to download the file |
|---|
| La source | ⚠️ https://github.com/JoeyBling/bootplus/issues/25 |
|---|
| Utilisateur | LVZC3 (UID 79687) |
|---|
| Soumission | 14/01/2025 12:44 (il y a 1 Année) |
|---|
| Modérer | 24/01/2025 10:46 (10 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 293231 [JoeyBling bootplus SysFileController.java Nom directory traversal] |
|---|
| Points | 16 |
|---|