Submeter #623859: linlinjava litemall <=v1.8.0 Arbitrary File Deletioninformação

Títulolinlinjava litemall <=v1.8.0 Arbitrary File Deletion
DescriçãoAn arbitrary file deletion vulnerability exists in the Litemall system at the /admin/storage/delete endpoint. Due to insufficient validation of user-provided input, authenticated users with delete permissions can craft requests to remove any file from the server's file system, including critical system files. This vulnerability poses a high risk as it can directly lead to denial of service or further compromise of the system.
Fonte⚠️ https://github.com/linlinjava/litemall/issues/564
Utilizador
 ez-lbz (UID 87033)
Submissão28/07/2025 03h37 (há 9 meses)
Moderação08/08/2025 15h25 (11 days later)
EstadoAceite
Entrada VulDB319250 [linlinjava litemall até 1.8.0 File /admin/storage/delete key Travessia de Diretório]
Pontos19

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!