| Title | zhijiantianya ruoyi-vue-pro 2.4.1 Arbitrary file deletion vulnerability --uploadNewsImage |
|---|
| Description | There is an arbitrary file deletion vulnerability caused by directory traversal in the material upload interface of ruoyi-vue-pro v2.4.1, as described in the `/admin-api/mp/material/upload-news-image` section. Hackers can exploit this vulnerability to delete files that can be accessed by the programme. |
|---|
| Source | ⚠️ https://github.com/uglory-gll/javasec/blob/main/ruoyi-vue-pro.md |
|---|
| User | uglory (UID 82151) |
|---|
| Submission | 03/13/2025 06:07 AM (1 Year ago) |
|---|
| Moderation | 03/24/2025 03:44 PM (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 300846 [zhijiantianya ruoyi-vue-pro 2.4.1 Material Upload Interface upload-news-image File path traversal] |
|---|
| Points | 17 |
|---|