Invia #504304: zz_erp https://gitee.com/zj1983/zz <=2024-8 Any file uploadinformazioni

Titolozz_erp https://gitee.com/zj1983/zz <=2024-8 Any file upload
DescrizioneThe Z platform is an open source and free JAVA low-code development platform. Through dynamic configuration, various WEB management systems can be quickly developed. The Z platform is a single architecture model, suitable for the development of various enterprise-level management systems. Technical architecture (StringMVC + MyBatis + EasyUI + Bootstrap). In its latest version of src/main/java/com/futvan/z/system/zfile/ZfileAction.upload interface, there is a vulnerability to upload any file, which does not require any conditions or permissions, can directly attack and can cross directories
Fonte⚠️ https://www.yuque.com/u123456789-6sobi/cdgcbq/bg2g3eit41o4cpd4?singleDoc# 《ZZ_Arbitrary file upload vulnerability》
Utente
 redpomelo (UID 79353)
Sottomissione20/02/2025 09:13 (1 Anno fa)
Moderazione01/03/2025 15:29 (9 days later)
StatoAccettato
Voce VulDB298091 [zj1983 zz fino a 2024-8 ZfileAction.upload File escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!