Submission #774689: SSCMS V4.7.0 SSCMS Arbitrary File Deletion

Title: SSCMS V4.7.0 SSCMS Arbitrary File Deletion
Description: endpoint accepts user-controlled filePaths and does not enforce a secure canonical-path boundary check. By supplying traversal input (e.g., ../...), an attacker with admin access can target files outside the intended upload scope. If isLinkToOriginal=false, it deletes the original file path, enabling arbitrary file deletion. Affected Code
Source: ⚠️ https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc
User: Saul1213 (UID 94577)
Submitted: 2026-03-07 01:27 PM (2 months ago)
Moderation: 2026-03-21 04:17 PM (14 days later)
Status: Accepted
VulDB entry: 352359 [SSCMS 4.7.0 layerImage Endpoint LayerImageController.Submit.cs filePaths directory traversal]
Points: 18
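
The canonical-path boundary check that the description says is missing, sketched in C# as an added example. It is not SSCMS code and not part of the submission; `SafeDelete`, `ResolveInside`, the `/srv/site/upload` root and the sample inputs are hypothetical.

```csharp
using System;
using System.IO;

// Added example, not SSCMS code: SafeDelete, ResolveInside and the paths are hypothetical.
public static class SafeDelete
{
    // Returns the canonical path when userPath stays inside uploadRoot, otherwise null.
    public static string ResolveInside(string uploadRoot, string userPath)
    {
        if (string.IsNullOrWhiteSpace(userPath)) return null;

        // Canonical root with a trailing separator, so "/srv/site/upload-old"
        // cannot pass a prefix test against "/srv/site/upload".
        string root = Path.GetFullPath(uploadRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // GetFullPath collapses "." and ".." segments before the comparison.
        // It does not resolve symlinks; that would need a separate check.
        string candidate = Path.GetFullPath(Path.Combine(root, userPath.TrimStart('/', '\\')));

        var cmp = Path.DirectorySeparatorChar == '\\'
            ? StringComparison.OrdinalIgnoreCase   // Windows paths are case-insensitive
            : StringComparison.Ordinal;
        return candidate.StartsWith(root, cmp) ? candidate : null;
    }

    public static void Main()
    {
        string root = "/srv/site/upload";          // constructed sample root
        string[] filePaths =                        // constructed sample inputs
        {
            "2026/3/photo.png",
            "../appsettings.json",
            "2026/../../../etc/hosts",
            "../upload-old/a.png",
        };
        foreach (string p in filePaths)
        {
            string resolved = ResolveInside(root, p);
            // A real handler would call File.Delete(resolved) only on the accepted branch.
            Console.WriteLine(resolved == null ? $"REJECT {p}" : $"ALLOW  {p} -> {resolved}");
        }
    }
}
```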
