| タイトル | linlinjava litemall <=v1.8.0 Arbitrary File Deletion |
|---|
| 説明 | An arbitrary file deletion vulnerability exists in the Litemall system at the /admin/storage/delete endpoint. Due to insufficient validation of user-provided input, authenticated users with delete permissions can craft requests to remove any file from the server's file system, including critical system files. This vulnerability poses a high risk as it can directly lead to denial of service or further compromise of the system. |
|---|
| ソース | ⚠️ https://github.com/linlinjava/litemall/issues/564 |
|---|
| ユーザー | ez-lbz (UID 87033) |
|---|
| 送信 | 2025年07月28日 03:37 (9 月 ago) |
|---|
| モデレーション | 2025年08月08日 15:25 (11 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 319250 [linlinjava litemall 迄 1.8.0 File /admin/storage/delete key ディレクトリトラバーサル] |
|---|
| ポイント | 19 |
|---|