Submit #597524: yzcheng90 X-SpringBoot master branch Path Traversal

Title: yzcheng90 X-SpringBoot master branch Path Traversal

Description: In the X-SpringBoot project, the file upload API /sys/oss/upload/apk contains the following issue: The method creates a temporary file using the filename obtained from external parameters, and deletes the temporary file after copying. An attacker can exploit this by crafting the path of the temporary file to delete any .apk file on the system. Moreover, invoking this interface does not require any permission verification.

Project Link: https://github.com/yzcheng90/X-SpringBoot
Affected Version: master branch
Affected API: /sys/oss/upload/apk
Code Location: /src/main/java/com/suke/czx/modules/oss/controller/SysOssController.java:83

Source: ⚠️ https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md
User: ShenxiuSecurity (UID 84374)
Submission: 16.06.2025 08:36 (1 year ago)
Moderation: 26.06.2025 17:54 (10 days later)
Status: accepted
VulDB entry: 314006 [yzcheng90 X-SpringBoot up to 5.0 APK File /sys/oss/upload/apk uploadApk File path traversal]
Points: 20
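
A hardened form of the temp-file handling the description refers to, as an added example that is not code from X-SpringBoot or from the submitter. The class name, method names and the tempRoot parameter are hypothetical; the sample file names in main are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.Locale;

// Added example, not X-SpringBoot code; class and method names are hypothetical.
public final class SafeApkTemp {

    // The client-supplied name is metadata only: accept a plain "*.apk" name, nothing path-like.
    static String validateClientName(String name) {
        if (name == null || name.isEmpty() || name.contains("..") || name.indexOf('/') >= 0
                || name.indexOf('\\') >= 0 || name.indexOf('\0') >= 0
                || !name.toLowerCase(Locale.ROOT).endsWith(".apk")) {
            throw new IllegalArgumentException("rejected file name");
        }
        return name;
    }

    // Copies the upload to a temp file whose path the server chooses, then deletes only that file.
    static long handleUpload(InputStream upload, String clientName, Path tempRoot) throws IOException {
        validateClientName(clientName);                           // never used to build a path
        Path root = tempRoot.toRealPath();
        Path tmp = Files.createTempFile(root, "upload-", ".apk"); // random, server-generated name
        try {
            if (!tmp.toRealPath().startsWith(root)) {             // defence in depth: stay inside tempRoot
                throw new SecurityException("temp file escaped " + root);
            }
            long copied = Files.copy(upload, tmp, StandardCopyOption.REPLACE_EXISTING);
            // APK parsing would read from tmp here, before the finally block runs
            return copied;
        } finally {
            Files.deleteIfExists(tmp);                            // deletes the server-chosen path only
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("apk-demo");        // constructed sandbox
        Path other = Files.createFile(root.resolve("other.apk")); // constructed bystander file
        try {
            handleUpload(new ByteArrayInputStream(new byte[]{1}), "../other.apk", root);
        } catch (IllegalArgumentException e) {
            System.out.println("traversal name rejected: " + e.getMessage());
        }
        long n = handleUpload(new ByteArrayInputStream(new byte[]{1, 2, 3}), "app.apk", root);
        System.out.println(n + " bytes copied; other.apk still exists: " + Files.exists(other));
    }
}
```

This covers only the file-name handling; the missing permission verification on the endpoint is a separate fix that the block does not show.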
