| Title | zz_erp https://gitee.com/zj1983/zz <=2024-8 Any file upload |
|---|---|
| Description | The Z platform is an open source and free JAVA low-code development platform. Through dynamic configuration, various WEB management systems can be quickly developed. The Z platform is a single architecture model, suitable for the development of various enterprise-level management systems. Technical architecture (StringMVC + MyBatis + EasyUI + Bootstrap). In its latest version, the src/main/java/com/futvan/z/system/zfile/ZfileAction.upload interface has a vulnerability that allows uploading any file, which does not require any conditions or permissions, can be attacked directly, and can cross directories. |
| Source | ⚠️ https://www.yuque.com/u123456789-6sobi/cdgcbq/bg2g3eit41o4cpd4?singleDoc# 《ZZ_Arbitrary file upload vulnerability》 |
| User | redpomelo (UID 79353) |
| Submission | 2025. 02. 20. 09:13 AM (1 year ago) |
| Moderation | 2025. 03. 01. 03:29 PM (9 days later) |
| Status | Accepted |
| VulDB entry | 298091 [zj1983 zz up to 2024-8 ZfileAction.upload file privilege escalation] |
| Points | 20 |