Submeter #722000: https://github.com/cld378632668/JavaMall JavaMall 1.0 Delete any fileinformação

Títulohttps://github.com/cld378632668/JavaMall JavaMall 1.0 Delete any file
DescriçãoThe MinioController.java interface of JavaMall 1.0 version has an arbitrary file deletion vulnerability. Its interface does not detect file names and file suffixes, nor does it have a method to prevent directory traversal. Attackers can delete arbitrary files by modifying the passed file names and file suffixes, causing serious consequences In this call chain, there are no restrictions on file names and file suffixes, nor are there any restrictions. Through filtering, attackers can perform directory traversal and arbitrary file deletion by controlling the incoming file names.
Fonte⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/JavaMall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md
Utilizador
 zyhsec (UID 93418)
Submissão23/12/2025 14h48 (há 4 meses)
Moderação04/01/2026 09h39 (12 days later)
EstadoAceite
Entrada VulDB339482 [cld378632668 JavaMall até 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 MinioController.java delete objectName Travessia de Diretório]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!