Submission #597524: yzcheng90 X-SpringBoot master branch Path Traversal (Info)

Title: yzcheng90 X-SpringBoot master branch Path Traversal
Description: In the X-SpringBoot project, the file upload API /sys/oss/upload/apk contains the following issue: The method creates a temporary file using the filename obtained from external parameters, and deletes the temporary file after copying. An attacker can exploit this by crafting the path of the temporary file to delete any .apk file on the system. Moreover, invoking this interface does not require any permission verification. Project Link: https://github.com/yzcheng90/X-SpringBoot Affected Version: master branch Affected API: /sys/oss/upload/apk Code Location: /src/main/java/com/suke/czx/modules/oss/controller/SysOssController.java:83
Source: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md
User: ShenxiuSecurity (UID 84374)
Submitted: 2025-06-16 08:36 AM (1 year ago)
Moderation: 2025-06-26 05:54 PM (10 days later)
Status: Accepted
VulDB entry: 314006 [yzcheng90 X-SpringBoot up to 5.0 APK File /sys/oss/upload/apk uploadApk file directory traversal]
Points: 20