Submission #570956: Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Arbitrary File Deletion Vulnerability Info

Title: Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Arbitrary File Deletion Vulnerability
Description:
1. Vulnerability Name: Arbitrary File Deletion Vulnerability in the BBC Mall of Kingdee Cloud-Starry-Sky Enterprise Edition
2. Vulnerability Contributor and Submitter: caichaoxiong (蔡超雄)
3. Vulnerability Level: High risk.
4. Vulnerability Description: The fileUpload/deleteFileAction.jhtml interface of the background service of the Kingdee Cloud Star Enterprise Edition application software component BBC Mall (Tomcat-BBCMallSite) does not perform effective security filtering on directory traversal characters ("../", "..\"). A user can therefore pass in parameters that delete background service files at any location, resulting in serious consequences such as the loss of background service files and data.
5. Repair Plan:
(1) Strictly validate the file path or file name provided by the user to ensure that the input conforms to the expected format, and reject maliciously constructed paths (such as ../../).
(2) Use the File.getCanonicalPath() method to convert the user-supplied path to an absolute path and check that it lies within the allowed directory.
(3) Only allow pre-defined files or directories to be deleted, and reject every file operation request that is not on the whitelist.
(4) Add permission control to the fileUpload/deleteFileAction.jhtml interface, for example: users may only delete files they uploaded themselves.
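The repair plan above, as an added Java example (not code from Kingdee or from the submission): a canonical-path containment check for the delete handler, combined with a registry that only permits deletion of a user's own uploads. The upload root, the registry map and the user names are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Map;

public class SafeFileDelete {
    // Repair step 2: canonicalise both root and candidate, then require the
    // candidate to sit strictly inside the root. getCanonicalPath() resolves
    // "..", ".", platform separators and symlinks, so a string prefix check on
    // the canonical forms is sound (a prefix check on the raw input is not).
    static File resolveInsideRoot(File root, String userPath) throws IOException {
        if (userPath == null || userPath.trim().isEmpty()) {
            throw new IllegalArgumentException("empty file path");
        }
        String rootCanon = root.getCanonicalPath() + File.separator;
        String candCanon = new File(root, userPath).getCanonicalPath();
        if (!candCanon.startsWith(rootCanon)) {
            throw new SecurityException("rejected: path escapes upload root");
        }
        return new File(candCanon);
    }

    // Repair steps 3 and 4: only files recorded in the upload registry may be
    // deleted, and only by the user who uploaded them. The registry map is a
    // hypothetical stand-in for whatever the application persists.
    static boolean deleteOwnUpload(File root, Map<String, String> ownerByCanonicalPath,
                                   String userPath, String requester) throws IOException {
        File target = resolveInsideRoot(root, userPath);
        String owner = ownerByCanonicalPath.get(target.getCanonicalPath());
        if (owner == null) {
            throw new SecurityException("rejected: file is not a registered upload");
        }
        if (!owner.equals(requester)) {
            throw new SecurityException("rejected: requester does not own this file");
        }
        return target.isFile() && target.delete();
    }

    public static void main(String[] args) throws IOException {
        File root = Files.createTempDirectory("uploads").toFile();
        File f = new File(root, "report.pdf");
        Files.write(f.toPath(), new byte[]{1, 2, 3});          // constructed sample upload
        Map<String, String> registry = Map.of(f.getCanonicalPath(), "alice");
        try {
            resolveInsideRoot(root, "../outside.txt");         // traversal input is refused
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        System.out.println(deleteOwnUpload(root, registry, "report.pdf", "alice"));
    }
}
```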
Source: https://wx.mail.qq.com/s?k=nFbp0U0gSX0QVechIO
User: caichaoxiong (UID 84060)
Submitted: 2025-05-04 16:18 (12 months ago)
Moderation: 2025-05-21 12:51 (17 days later)
Status: Accepted
VulDB Entry: 309847 [Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 File deleteFileAction.jhtml filePath directory traversal]
Points: 17