| タイトル | WuKongOpenSource WukongCRM v11.0 System Path Disclosure(CWE-209) |
|---|
| 説明 | A system path disclosure vulnerability exists in the /adminFile/upload endpoint. The application’s DTO (Data Transfer Object) layer is improperly configured, causing it to directly return the full entity object to the frontend. As a result, sensitive information such as the real file storage path on the server is exposed in API responses. This information can be leveraged by attackers to gain insights into the server’s file structure, increasing the risk of further exploitation. |
|---|
| ソース | ⚠️ https://github.com/WuKongOpenSource/WukongCRM-11.0-JAVA/issues/26 |
|---|
| ユーザー | meraklbz (UID 87053) |
|---|
| 送信 | 2025年07月29日 11:31 (9 月 ago) |
|---|
| モデレーション | 2025年08月10日 21:08 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 319383 [WuKongOpenSource WukongCRM 11.0 API Response /adminFile/upload 情報漏えい] |
|---|
| ポイント | 20 |
|---|