| タイトル | https://github.com/cld378632668/JavaMall JavaMall 1.0 Delete any file |
|---|
| 説明 | The MinioController.java interface of JavaMall 1.0 version has an arbitrary file deletion vulnerability. Its interface does not detect file names and file suffixes, nor does it have a method to prevent directory traversal. Attackers can delete arbitrary files by modifying the passed file names and file suffixes, causing serious consequences
In this call chain, there are no restrictions on file names and file suffixes, nor are there any restrictions. Through filtering, attackers can perform directory traversal and arbitrary file deletion by controlling the incoming file names. |
|---|
| ソース | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/JavaMall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md |
|---|
| ユーザー | zyhsec (UID 93418) |
|---|
| 送信 | 2025年12月23日 14:48 (4 月 ago) |
|---|
| モデレーション | 2026年01月04日 09:39 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 339482 [cld378632668 JavaMall 迄 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 MinioController.java delete objectName ディレクトリトラバーサル] |
|---|
| ポイント | 20 |
|---|