| 제목 | https://github.com/1541492390c/yougou-mall?tab=readme-ov-file yougou-mall 1.0 Upload any file |
|---|
| 설명 | The 1.0 version of Yougou all's ResourceController. java interface has an arbitrary file upload vulnerability, as its interface does not detect file suffixes. Attackers can upload any type of file, which may result in getshell and more serious consequences.
In the upload method, after receiving the file suffix, the file suffix is directly concatenated into the new file name without any processing or restriction on the file suffix, which allows attackers to upload any type of file and creates an arbitrary file upload vulnerability, and there is no such thing as a vulnerability Performing detection may result in directory traversal |
|---|
| 원천 | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
|---|
| 사용자 | zyhsec (UID 93418) |
|---|
| 제출 | 2025. 12. 17. PM 03:38 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 19. AM 11:35 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 337600 [1541492390c yougou-mall 까지 0a771fa817c924efe52c8fe0a9a6658eee675f9f ResourceController.java upload/delete 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|