| Title | https://github.com/1541492390c/yougou-mall?tab=readme-ov-file yougou-mall 1.0 Upload any file |
|---|---|
| Description | The ResourceController.java interface in version 1.0 of yougou-mall has an arbitrary file upload vulnerability, because the interface does not check file suffixes. Attackers can upload any type of file, which may lead to getshell and more serious consequences. In the upload method, the file suffix is taken from the received file and concatenated directly into the new file name without any processing or restriction, which allows attackers to upload any type of file and creates the arbitrary file upload vulnerability. Because no such check is performed, this may also result in directory traversal. |
| Source | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
| User | zyhsec (UID 93418) |
| Submission | 12/17/2025 15:38 (4 months ago) |
| Moderation | 12/19/2025 11:35 (2 days later) |
| Status | Accepted |
| VulDB entry | 337600 [1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f ResourceController.java upload/delete path traversal] |
| Points | 20 |
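
The check the description says is missing, as an added Java example (not code from yougou-mall or from the submission): the suffix is validated against an allowlist instead of being concatenated as received, the stored name is generated server-side, and the resolved path is confirmed to stay under the upload root. The class `UploadNameGuard`, the method `safeTarget`, the allowlist contents and the `uploads` root are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

// Added example: names and the allowlist are assumptions, not yougou-mall code.
public class UploadNameGuard {
    // Assumed policy: only these image suffixes are accepted.
    private static final Set<String> ALLOWED = Set.of("png", "jpg", "jpeg", "gif", "webp");

    /** Returns the storage path for an upload, or throws if the name is not acceptable. */
    static Path safeTarget(Path uploadRoot, String originalFilename) {
        if (originalFilename == null) {
            throw new IllegalArgumentException("missing filename");
        }
        int dot = originalFilename.lastIndexOf('.');
        if (dot < 0 || dot == originalFilename.length() - 1) {
            throw new IllegalArgumentException("no file suffix");
        }
        // The suffix is compared against the allowlist, never concatenated as received.
        String suffix = originalFilename.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(suffix)) {
            throw new IllegalArgumentException("suffix not allowed: " + suffix);
        }
        // The stored name is server-generated; only the validated suffix is reused.
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(UUID.randomUUID() + "." + suffix).normalize();
        // Containment check: the resolved path must stay under the upload root.
        if (!target.startsWith(root)) {
            throw new IllegalArgumentException("path escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Paths.get("uploads"); // constructed sample root
        // Constructed sample filenames, as a client could send them.
        String[] names = {"avatar.png", "photo.JPG", "page.jsp", "a.png/../../b.jsp", "noext"};
        for (String n : names) {
            try {
                System.out.println(n + " -> " + safeTarget(root, n).getFileName());
            } catch (IllegalArgumentException e) {
                System.out.println(n + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only `avatar.png` and `photo.JPG` are accepted; the other three constructed names are rejected before any path is built from them.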