| Titre | https://github.com/yeqifu carRental latest Path Traversal |
|---|
| Description | carRental is an open-source web application developed based on SpringBoot. In carRental, there is neither permission verification nor input sanitization, which allows for path traversal and the ability to read arbitrary files.
com.yeqifu.sys.controller.FileController#downloadShowFile is the entrance to the taint, no authorization is required. The downloadFile() function in the com.yeqifu.sys.utils.AppFileUtils class does not filter the incoming path parameter and fails to validate, allowing attackers to inject characters such as ../ to perform path traversal, ultimately leading to arbitrary file download. The value of the path parameter uses a relative path format, allowing any file to be downloaded. |
|---|
| La source | ⚠️ https://github.com/yeqifu/carRental/issues/46 |
|---|
| Utilisateur | mukyuuhate (UID 93052) |
|---|
| Soumission | 24/12/2025 14:26 (il y a 4 mois) |
|---|
| Modérer | 01/01/2026 12:31 (8 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 339354 [yeqifu carRental com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path directory traversal] |
|---|
| Points | 20 |
|---|