Submission #579088: MTA Maita Training System v4.5 Arbitrary File Upload Vulnerability (info)

Title: MTA Maita Training System v4.5 Arbitrary File Upload Vulnerability
Description:
1. Vulnerability name: Arbitrary File Upload Vulnerability for MTA Maita Training System
2. Vulnerability level: High risk
3. Bug submitter and contributor: caichaoxiong
4. Vulnerability affected version: v4.5
5. Vulnerability Description: MTA Maita training system v4.5, when the upload.type in the configuration file of the application system is local, there is a security defect in the background application system when processing directory traversal, there is an arbitrary file upload vulnerability, and there is an arbitrary file download vulnerability, which can lead to the leakage of background service data files, or the upload of Webshell leading to the control of the server and other serious consequences.
6. Vulnerability fix: The arbitrary file upload vulnerability needs to focus on type verification, path isolation, and content security. The arbitrary download vulnerability needs to strengthen input filtering, permission control, and storage isolation. Both need to be combined with comprehensive repair measures such as whitelist mechanism, server reinforcement, and log monitoring.
Source: ⚠️ https://wx.mail.qq.com/s?k=o3X5wV0ZZH0nuusQdO
User: caichaoxiong (UID 84060)
Submitted: 2025-05-16 10:30 (12 months ago)
Moderated: 2025-05-25 15:24 (9 days later)
Status: Accepted
VulDB entry: 310259 [llisoft MTA Maita Training System 4.5 OpenController.java this.fileService.download url privilege escalation]
Points: 17
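
The fix field above names path isolation and a type whitelist for the case where upload.type is local. The Java below is an added example of those two checks, not code from the MTA Maita project or from the submission; the class name, method names and the allowed extension set are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

// Added illustration: class, method names and the allowlist are assumptions.
public class LocalStorageGuard {
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "pdf", "mp4");
    private final Path root;
    public LocalStorageGuard(Path root) throws IOException {
        this.root = Files.createDirectories(root).toRealPath();
    }
    // Download side: map a client-supplied relative path to a file under root.
    public Path resolveInsideRoot(String userPath) throws IOException {
        if (userPath == null || userPath.isEmpty() || userPath.indexOf('\0') >= 0) {
            throw new SecurityException("invalid path");
        }
        // resolve() keeps an absolute argument as-is; the prefix check rejects it too.
        Path candidate = root.resolve(userPath).normalize();
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes storage root");
        }
        // A symlink inside root could still point outside it.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new SecurityException("symlink escapes storage root");
        }
        return candidate;
    }
    // Upload side: allowlist the extension, never reuse the client's file name.
    public Path targetForUpload(String originalName) throws IOException {
        int dot = originalName == null ? -1 : originalName.lastIndexOf('.');
        String ext = dot < 0 ? "" : originalName.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new SecurityException("file type not allowed: " + ext);
        }
        return resolveInsideRoot(UUID.randomUUID() + "." + ext);
    }
    public static void main(String[] args) throws IOException {
        LocalStorageGuard g = new LocalStorageGuard(Files.createTempDirectory("upload-root"));
        System.out.println("stored as " + g.targetForUpload("notes.PDF"));
        // Constructed inputs; the last two must be rejected.
        for (String p : new String[] {"course/intro.pdf", "../../etc/passwd", "/etc/passwd"}) {
            try { System.out.println("ok      " + g.resolveInsideRoot(p)); }
            catch (SecurityException e) { System.out.println("blocked " + p + ": " + e.getMessage()); }
        }
    }
}
```

Keeping the storage root outside the web application's served directories means an uploaded file is never interpreted by the servlet container, which covers the storage isolation point in the same fix field.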
