Soumettre #729331: yeqifu warehouse aaf29962ba407d22d991781de28796ee7b4670e4 Arbitrary File Readinformation

Titreyeqifu warehouse aaf29962ba407d22d991781de28796ee7b4670e4 Arbitrary File Read
DescriptionAn arbitrary file read vulnerability was discovered in AppFileUtils.java of the project https://github.com/yeqifu/warehouse. The affected functionality is an image display route (/file/showImageByPath?path=)that invokes AppFileUtils.java and accepts a user-controlled path parameter to locate files under a specified directory. Due to improper input validation, the path parameter is directly used to read files without verifying its legitimacy. By manipulating the path parameter with relative path sequences, an attacker can access, download, or view arbitrary files on the server.
La source⚠️ https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md
Utilisateur
 5i1encee (UID 94076)
Soumission02/01/2026 11:33 (il y a 4 mois)
Modérer02/01/2026 13:32 (2 hours later)
StatutAccepté
Entrée VulDB339385 [yeqifu warehouse AppFileUtils.java createResponseEntity path directory traversal]
Points20

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!