| Title | VBlog 1.0.0 Unrestricted Upload |
|---|---|
| Description | In the file `blogserver/src/main/java/org/sang/controller/ArticleController.java`, the function `uploadImg` does not verify the type of the file and just saves it to disk. Meanwhile, `imgFolderPath` is generated from the user input `filePath`, which can be set to `/../../`; thus, the file can be uploaded to any path. |
| Source | https://www.notion.so/Arbitrary-File-Upload-Vulnerability-in-VBlog-1-0-0-1adc693918ed8067b19ed9c61381024b |
| User | s0l42 (UID 82389) |
| Submission | 03/05/2025 07:34 (1 Year ago) |
| Moderation | 03/16/2025 10:28 (11 days later) |
| Status | Accepted |
| VulDB entry | 299862 [lenve VBlog up to 1.0.0 ArticleController.java uploadImg filename path traversal] |
| Points | 14 |