| Title | z-9527 admin ≤ commit 72aaf2d Path Traversal: '../filedir' |
|---|---|
| Description | An unrestricted file upload vulnerability exists in Z-9527 Admin ≤ commit 72aaf2d at the /upload endpoint, where the fileType query parameter is concatenated into the target filesystem path without validation or canonicalization, and the optional isImg check can be bypassed. As a result, authenticated attackers can write arbitrary files to the server filesystem. Mitigations include mapping fileType to a server-side whitelist of directories, canonicalizing and verifying that resolved paths are inside a fixed upload root, rejecting directory-traversal or absolute-path inputs, generating safe server-side filenames, validating content by magic bytes and size, storing uploads outside the webroot, and running the service with least privilege. |
| Source | https://github.com/CC-T-454455/Vulnerabilities/tree/master/z9527-admin/vulnerability-9 |
| User | Anonymous User |
| Submission | 03/12/2026 03:21 (17 days ago) |
| Moderation | 03/27/2026 14:48 (15 days later) |
| Status | Accepted |
| VulDB entry | 353886 [z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2 isImg Check /server/utils/upload.js uploadFile fileType path traversal] |
| Points | 20 |