| शीर्षक | Oinone Oinone Oinone <= 7.2.0 File Upload |
|---|
| विवरण | Oinone AI Low-Code Development Framework is a 100% metadata-driven framework. While most Oinone functions are controlled by the GraphQL permission gateway, LocalFileClient.java (a standard Spring RestController) is directly exposed at the /file/upload path, completely bypassing the system's intended permission validation logic.
The interface retrieves a filename via request.getParameter("uniqueFileName"). During the concatenation of the physical storage path, the system fails to filter or normalize directory traversal characters (e.g., ../). An attacker can construct a filename like ../../../../etc/cron.d/ and exploit the operating system's path resolution to escape the restricted storage directory. This allows them to write malicious instructions into the Linux system's scheduled tasks directory (cron.d) or overwrite any arbitrary file. |
|---|
| स्रोत | ⚠️ https://github.com/SourByte05/SourByte-Lab/issues/14 |
|---|
| उपयोगकर्ता | sourbyte (UID 94279) |
|---|
| सबमिशन | 22/04/2026 10:23 AM (2 महीनों पहले) |
|---|
| संयम | 16/05/2026 12:30 PM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 364324 [Oinone Pamirs तक 7.2.0 RestController LocalFileClient.java request.getParameter uniqueFileName निर्देशिका ट्रैवर्सल] |
|---|
| अंक | 20 |
|---|