letao <=1.0.0 Dangerous type of file upload (CWE-434)정보

제목	zhousg https://github.com/zhousg/letao <=1.0.0 Dangerous type of file upload (CWE-434)
설명	The project uses formidable with keepExtensions set to true, and has insecure file upload checking mechanisms. It allows attackers to upload malicious files with arbitrary extensions, potentially creating attack vectors for stored Cross-Site Scripting (XSS)
원천	⚠️ https://github.com/zhousg/letao/issues/13
사용자	ZAST.AI (UID 87884)
제출	2025. 07. 21. AM 11:43 (11 개월 ago)
모더레이션	2025. 07. 24. PM 05:19 (3 days later)
상태	수락
VulDB 항목	317513 [zhousg letao 까지 7d8df0386a65228476290949e0413de48f7fbe98 routes\bf\product.js pictrdtz 권한 상승]
포인트들	17

Want to know what is going to be exploited?

We predict KEV entries!