Submit #592362: hansonwang99 Spring-Boot-In-Action master branch Path Traversal

Title: hansonwang99 Spring-Boot-In-Action master branch Path Traversal

Description: In the subproject `springbt_watermark` of the `Spring-Boot-In-Action` repository, the file upload endpoint `/watermarktest` lacks proper path validation. An attacker can exploit this by crafting path parameters to upload files to arbitrary locations on the system.

- **Project Link:** `https://github.com/hansonwang99/Spring-Boot-In-Action`
- **Affected Version:** `master branch`
- **Affected API:** `/watermarktest`
- **Code Path:** `/springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java:25`

Source: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md

User: ShenxiuSecurity (UID 84374)

Submission: 06/07/2025 10:12 (1 Year ago)

Moderation: 06/15/2025 11:54 (8 days later)

Status: Accepted

VulDB entry: 312577 [hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa File Upload ImageUploadService.java watermarkTest filename path traversal]

Points: 20
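
The missing check described for the `/watermarktest` upload is containment of the client-supplied file name inside the upload directory. The following is an added example of that check, not code from the Spring-Boot-In-Action project or from the submission; the class `SafeUploadPath`, the method `resolveInside`, the `uploads` directory and the sample names are hypothetical.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class SafeUploadPath {
    private SafeUploadPath() {}

    /**
     * Resolve a client-supplied upload name strictly inside uploadDir.
     * Throws IllegalArgumentException when the name could leave that directory.
     */
    static Path resolveInside(Path uploadDir, String clientName) {
        if (clientName == null || clientName.isEmpty() || clientName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed file name");
        }
        // Reject both separator styles: the server OS may differ from the client's.
        if (clientName.indexOf('/') >= 0 || clientName.indexOf('\\') >= 0
                || clientName.equals(".") || clientName.equals("..")) {
            throw new IllegalArgumentException("file name must be a single path segment");
        }
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(clientName).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("file name is not a valid path", e);
        }
        // Defence in depth: the final path must be a direct child of the upload directory.
        if (!base.equals(target.getParent())) {
            throw new IllegalArgumentException("resolved path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path uploadDir = Paths.get("uploads"); // hypothetical upload directory
        // Constructed sample names, as a multipart request might supply them.
        String[] names = {"photo.png", "../../outside.png", "..\\..\\outside.png", "/tmp/abs.png", ".."};
        for (String name : names) {
            try {
                System.out.println("accepted: " + name + " -> " + resolveInside(uploadDir, name));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only `photo.png` is accepted; a stricter deployment would ignore the client name entirely and store the file under a server-generated name.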
