Submission #579088: MTA Maita Training System v4.5 Arbitrary File Upload Vulnerability

Title: MTA Maita Training System v4.5 Arbitrary File Upload Vulnerability
Description:
1. Vulnerability name: Arbitrary File Upload Vulnerability for MTA Maita Training System
2. Vulnerability level: High risk
3. Bug submitter and contributor: caichaoxiong
4. Vulnerability affected version: v4.5
5. Vulnerability Description: In MTA Maita training system v4.5, when the upload.type in the configuration file of the application system is local, there is a security defect in the background application system when processing directory traversal: there is an arbitrary file upload vulnerability, and there is an arbitrary file download vulnerability, which can lead to the leakage of background service data files, or the upload of Webshell leading to the control of the server and other serious consequences.
6. Vulnerability fix: The arbitrary file upload vulnerability needs to focus on type verification, path isolation, and content security. The arbitrary download vulnerability needs to strengthen input filtering, permission control, and storage isolation. Both need to be combined with comprehensive repair measures such as whitelist mechanism, server reinforcement, and log monitoring.
Source: ⚠️ https://wx.mail.qq.com/s?k=o3X5wV0ZZH0nuusQdO
User: caichaoxiong (UID 84060)
Submitted: 2025. 05. 16. AM 10:30 (11 months ago)
Moderation: 2025. 05. 25. PM 03:24 (9 days later)
Status: Accepted
VulDB entry: 310259 [llisoft MTA Maita Training System 4.5 OpenController.java this.fileService.download url privilege escalation]
Points: 17
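
An added example, not part of the submission and not the vendor's code: one way to implement the path isolation and whitelist checks named in the fix text for a local storage backend, in Java. The class name, method names, storage root and allowed extension list are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper: class, methods and extension list are assumptions,
// not taken from the MTA Maita code base.
public final class SafeLocalStorage {
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "pdf", "docx");
    private final Path root;

    public SafeLocalStorage(Path root) throws IOException {
        Files.createDirectories(root);
        this.root = root.toRealPath();           // canonical storage root
    }

    // Map a client-supplied name to a path that is guaranteed to stay under root.
    public Path resolve(String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0)
            throw new SecurityException("malformed name");
        Path p = root.resolve(name).normalize(); // collapses ".."; an absolute name replaces root
        if (p.equals(root) || !p.startsWith(root))
            throw new SecurityException("outside storage root: " + name);
        if (Files.exists(p) && !p.toRealPath().startsWith(root))
            throw new SecurityException("symlink escapes storage root: " + name);
        return p;
    }

    // Upload path: containment check plus extension allowlist.
    public Path resolveForUpload(String name) throws IOException {
        Path p = resolve(name);
        String file = p.getFileName().toString();
        int dot = file.lastIndexOf('.');
        String ext = dot < 0 ? "" : file.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext))
            throw new SecurityException("extension not allowed: " + file);
        return p;
    }

    public static void main(String[] args) throws IOException {
        SafeLocalStorage s = new SafeLocalStorage(Files.createTempDirectory("upload-root"));
        // Constructed sample names: one benign, three that must be rejected.
        for (String n : new String[] {"course/slides.pdf", "../../etc/passwd", "/etc/passwd", "avatar.jsp"}) {
            try {
                System.out.println("accepted " + n + " -> " + s.resolveForUpload(n));
            } catch (SecurityException e) {
                System.out.println("rejected " + n + ": " + e.getMessage());
            }
        }
    }
}
```

The download handler would call `resolve` and additionally require `Files.isRegularFile` and an authorization check before streaming the file; the extension allowlist does not replace content inspection of uploaded files.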
