제출 #739805: https://github.com/jishenghua/jshERP jshERP v3.6 Path Traversal정보

제목https://github.com/jishenghua/jshERP jshERP v3.6 Path Traversal
설명By accessing route "/jshERP-boot/plugin/uploadPluginConfigFile", send the request to handler "com.jsh.erp.controller.PluginController#uploadConfig". Then the user-passed MultipartFile object is passed to the function com.gitee.starblues.integration.operator.PluginOperator#uploadConfigFile. Finally reached the sink in the function "com.gitee.starblues.integration.operator.PluginOperator#uploadConfigFile" We can upload any file to the project directory, such as a webshell file.
원천⚠️ https://github.com/jishenghua/jshERP/issues/146
사용자
 mukyuuhate (UID 93052)
제출2026. 01. 15. PM 04:23 (3 개월 ago)
모더레이션2026. 01. 28. PM 05:53 (13 days later)
상태수락
VulDB 항목343245 [jishenghua jshERP 까지 3.6 PluginController uploadPluginConfigFile configFile 디렉토리 순회]
포인트들20

이전개요다음

Want to know what is going to be exploited?

We predict KEV entries!