| Title | taoofagi easegen-admin 2.3.0 Path Traversal |
|---|---|
| Description | The easegen-admin application contains a critical arbitrary file read vulnerability in the document parsing functionality. The /admin-api/digitalcourse/courses/docparse endpoint accepts a user-controlled fileUrl parameter that is improperly validated, allowing attackers to read arbitrary files from the server's filesystem using the file:// protocol. |
| Source | https://fx4tqqfvdw4.feishu.cn/docx/KezQdqzVGoTVj9x8SH1c9dNvnOg?from=from_copylink |
| User | xcxr (UID 86629) |
| Submission | 03/05/2026 02:17 (1 month ago) |
| Moderation | 03/16/2026 17:26 (12 days later) |
| Status | Accepted |
| VulDB entry | 351291 [taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433 Pdf2MdUtil.java recognizeMarkdown fileUrl path traversal] |
| Points | 19 |