제출 #618361: RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)정보

제목RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)
설명The endpoint /common/upload and /common/uploads allow user uploads html, htm and PDF filetypes without sanitizer which leads to Stored XSS.
원천⚠️ https://github.com/yangzongzhuan/RuoYi/issues/296
사용자
 ZAST.AI (UID 87884)
제출2025. 07. 18. AM 11:31 (11 개월 ago)
모더레이션2025. 07. 19. PM 08:39 (1 day later)
상태수락
VulDB 항목317021 [yangzongzhuan RuoYi 까지 4.8.1 CommonController.java uploadFile 파일 권한 상승]
포인트들15

이전개요다음

Interested in the pricing of exploits?

See the underground prices here!