| タイトル | yeqifu warehouse aaf29962ba407d22d991781de28796ee7b4670e4 Arbitrary File Read |
|---|
| 説明 | An arbitrary file read vulnerability was discovered in AppFileUtils.java of the project https://github.com/yeqifu/warehouse. The affected functionality is an image display route (/file/showImageByPath?path=)that invokes AppFileUtils.java and accepts a user-controlled path parameter to locate files under a specified directory. Due to improper input validation, the path parameter is directly used to read files without verifying its legitimacy. By manipulating the path parameter with relative path sequences, an attacker can access, download, or view arbitrary files on the server. |
|---|
| ソース | ⚠️ https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md |
|---|
| ユーザー | 5i1encee (UID 94076) |
|---|
| 送信 | 2026年01月02日 11:33 (3 月 ago) |
|---|
| モデレーション | 2026年01月02日 13:32 (2 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 339385 [yeqifu warehouse 迄 aaf29962ba407d22d991781de28796ee7b4670e4 AppFileUtils.java createResponseEntity path ディレクトリトラバーサル] |
|---|
| ポイント | 20 |
|---|