| Название | https://github.com/guchengwuyue/yshopmall yshopmall V1.9.1 Incomplete Identification of Uploaded File Variables |
|---|
| Описание | From function co.yixiang.modules.system.rest.SysUserController#updateAvatar to function co.yixiang.utils.FileUtil#upload.
Users can freely upload malicious files such as HTML and JSP, which can lead to XSS or even RCE vulnerabilities.
Taint Propagation:
SysUserController.updateAvatar() Line 205: @RequestParam MultipartFile file
↓
Line 206: userService.updateAvatar(file)
↓
SysUserServiceImpl.updateAvatar() Line 185: FileUtil.upload(multipartFile, avatar)
↓
FileUtil.upload() Line 163: File dest = new File(path).getCanonicalFile()
↓
Line 169: file.transferTo(dest) |
|---|
| Источник | ⚠️ https://github.com/guchengwuyue/yshopmall/issues/40 |
|---|
| Пользователь | mukyuuhate (UID 93052) |
|---|
| Представление | 27.01.2026 14:18 (3 месяцы назад) |
|---|
| Модерация | 07.02.2026 08:50 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 344848 [guchengwuyue yshopmall до 1.9.1 co.yixiang.utils.FileUtil /api/users/updateAvatar Файл эскалация привилегий] |
|---|
| Баллы | 20 |
|---|