| Title | https://github.com/cld378632668/JavaMall JavaMall 1.0 Upload any file |
|---|---|
| Description | The MinioController.java interface of JavaMall 1.0 has an arbitrary file upload vulnerability. The interface does not check file suffixes and has no method to prevent directory traversal. Attackers can upload any type of file, which may result in getshell and more serious consequences. In the upload method, after receiving the file name and file suffix, the file name and file suffix are directly concatenated into the new file name without any processing or type restrictions on the file suffix, which allows attackers to upload any type of file, causing an arbitrary file upload vulnerability; there is also no detection or filtering, resulting in a directory traversal vulnerability. |
| Source | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/javamall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
| User | zyhsec (UID 93418) |
| Submission | 23/12/2025 14:27 (4 months ago) |
| Moderation | 04/01/2026 09:39 (12 days later) |
| Status | Accepted |
| VulDB Entry | 339481 [cld378632668 JavaMall MinioController.java upload privilege escalation] |
| Points | 20 |