| Title | https://github.com/cld378632668/JavaMall JavaMall 1.0 Delete any file |
|---|---|
| Description | The MinioController.java interface of JavaMall version 1.0 has an arbitrary file deletion vulnerability. Its interface does not check file names and file suffixes, nor does it have a method to prevent directory traversal. Attackers can delete arbitrary files by modifying the passed file names and file suffixes, causing serious consequences. In this call chain, there are no restrictions on file names and file suffixes, nor is there any filtering. Attackers can perform directory traversal and arbitrary file deletion by controlling the incoming file names. |
| Source | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/JavaMall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md |
| User | zyhsec (UID 93418) |
| Submission | 2025. 12. 23. PM 02:48 (4 months ago) |
| Moderation | 2026. 01. 04. AM 09:39 (12 days later) |
| Status | Accepted |
| VulDB entry | 339482 [cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 MinioController.java delete objectName directory traversal] |
| Points | 20 |