| Title | xiaowei1118 java_server master branch Path Traversal |
|---|
| Description | In the java_server project, the file upload API /service/uploadDetailImage contains the following issue:
Files are deleted through path concatenation without effectively validating the external parameters used in the path. The code processes "/" path separators, but on Windows systems, it is possible to bypass this by using "\" separators, allowing arbitrary file deletion.
Project Link: https://github.com/xiaowei1118/java_server
Affected Version: master branch
Affected API: /service/uploadDetailImage
Code Location: java_server-master/src/main/java/com/changyu/foryou/controller/FoodController.java:1244 |
|---|
| Source | ⚠️ https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250418-02.md |
|---|
| User | ShenxiuSecurity (UID 84374) |
|---|
| Submission | 2025-04-18 08:22 AM (1 year ago) |
|---|
| Moderation | 2025-05-01 02:39 PM (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 306797 [xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows File Upload API FoodController.java path traversal] |
|---|
| Points | 20 |
|---|