| Title | perfree go-fastdfs-web v1.3.7 Unauthorized takeover of the platform Vulnerability |
|---|
| Description | A vulnerability classified as a key was found in go-fastdfs-web 1.3.7. This problem will affect the file src/main/java/com/perfree/controller/InstallController.java file/install/doInstall interface. After the installation of the project, it will not Due to the deletion of its installation interface and installation route, the attacker can take over the platform through the second installation and obtain the system authority of the platform without authorization. The vulnerability has been disclosed to the public and may be used. |
|---|
| Source | ⚠️ https://gitee.com/ying-xiujie/cve/issues/IGB6M9 |
|---|
| User | yingxiujie (UID 96521) |
|---|
| Submission | 03/17/2026 05:12 (26 days ago) |
|---|
| Moderation | 04/11/2026 09:14 (25 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 356964 [perfree go-fastdfs-web up to 1.3.7 doInstall Interface InstallController.java improper authorization] |
|---|
| Points | 20 |
|---|