| Field | Value |
|---|---|
| Title | Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Arbitrary File Deletion Vulnerability |
| Description | 1. Vulnerability name: Arbitrary File Deletion Vulnerability in the BBC Mall of Kingdee Cloud-Starry-Sky Enterprise Edition<br>2. Vulnerability contributor and submitter: caichaoxiong (蔡超雄)<br>3. Vulnerability level: High risk<br>4. Vulnerability description: The fileUpload/deleteFileAction.jhtml interface of the background service of the Kingdee Cloud Star Enterprise Edition application software component BBC Mall (Tomcat-BBCMallSite) does not perform effective security filtering on directory traversal sequences ("../", "..\"). A user can therefore pass a parameter naming a background service file to delete, deleting files at any location of the background service and causing serious consequences such as the loss of background service files and data.<br>5. Repair plan:<br>(1) Strictly validate the file path or file name provided by the user to ensure that the input conforms to the expected format, and reject maliciously constructed paths (such as ../../).<br>(2) Use the File.getCanonicalPath() method to convert the user-supplied path to an absolute path and check whether it lies within the allowed directory.<br>(3) Allow only pre-defined files or directories to be deleted, and reject every file operation request that is not on the whitelist.<br>(4) Add permission control to the fileUpload/deleteFileAction.jhtml interface, for example: users may only delete files they uploaded themselves. |
| Source | https://wx.mail.qq.com/s?k=nFbp0U0gSX0QVechIO |
| User | caichaoxiong (UID 84060) |
| Submission | 04/05/2025 16:18 (12 months ago) |
| Moderation | 21/05/2025 12:51 (17 days later) |
| Status | accepted |
| VulDB Entry | 309847 [Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 File deleteFileAction.jhtml filePath path traversal] |
| Points | 17 |
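The repair plan in the description lists four measures (format validation, canonical-path containment, a whitelist, and ownership checks). The Java routine below is an added example that applies all four in order to a file-deletion request; it is not code from Kingdee or from the submitter, and the upload root, the allowed extensions, the path pattern and the `fileOwner` parameter (standing in for the owner recorded at upload time) are assumptions made for the demonstration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Set;
import java.util.regex.Pattern;

public class SafeFileDelete {

    // Assumption: all uploads live under one fixed root; a demo directory is used here.
    private static final File UPLOAD_ROOT =
            new File(System.getProperty("java.io.tmpdir"), "bbc-upload-demo");

    // Assumption: only these upload types are ever deletable through the interface.
    private static final Set<String> ALLOWED_EXTENSIONS = Set.of("jpg", "png", "pdf");

    // Relative path of plain segments plus one extension: no leading slash, no ".", no "..",
    // no backslash, no NUL. Anything else fails the format check before any file system call.
    private static final Pattern SAFE_RELATIVE_PATH =
            Pattern.compile("^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\\.[A-Za-z0-9]+$");

    /**
     * Deletes a file under UPLOAD_ROOT only when every measure of the repair plan passes.
     * fileOwner is the user recorded when the file was uploaded (assumed to come from
     * the application's own upload metadata).
     */
    public static boolean deleteUploadedFile(String requestedPath, String requestingUser,
                                             String fileOwner) throws IOException {
        // (1) Format validation: "../", "..\", absolute prefixes and odd characters are rejected.
        if (requestedPath == null || !SAFE_RELATIVE_PATH.matcher(requestedPath).matches()) {
            return false;
        }

        // (2) Canonicalise root and target; after symlinks and "." / ".." are resolved, the
        //     target must still sit inside the root. The trailing separator prevents a root
        //     of "/srv/uploads" from accepting "/srv/uploads-other/x".
        String rootCanonical = UPLOAD_ROOT.getCanonicalPath() + File.separator;
        File target = new File(UPLOAD_ROOT, requestedPath);
        if (!target.getCanonicalPath().startsWith(rootCanonical)) {
            return false;
        }

        // (3) Whitelist: only regular files of an expected type, never directories.
        if (!target.isFile() || !ALLOWED_EXTENSIONS.contains(extensionOf(target.getName()))) {
            return false;
        }

        // (4) Permission control: a user may only delete files they uploaded themselves.
        if (fileOwner == null || !fileOwner.equals(requestingUser)) {
            return false;
        }

        return target.delete();
    }

    private static String extensionOf(String name) {
        int dot = name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(dot + 1).toLowerCase();
    }

    // Demo on a constructed upload: two rejected requests, then the legitimate owner delete.
    public static void main(String[] args) throws IOException {
        File dir = new File(UPLOAD_ROOT, "alice");
        Files.createDirectories(dir.toPath());
        File photo = new File(dir, "photo.jpg");
        Files.writeString(photo.toPath(), "constructed sample upload");

        System.out.println("traversal rejected:    "
                + !deleteUploadedFile("../../outside/secret.txt", "alice", "alice"));
        System.out.println("wrong owner rejected:  "
                + !deleteUploadedFile("alice/photo.jpg", "bob", "alice"));
        System.out.println("owner delete succeeds: "
                + deleteUploadedFile("alice/photo.jpg", "alice", "alice"));
    }
}
```

The format check in step (1) is deliberately strict (segments may not contain a dot at all), so names such as `report.v2.pdf` are refused; a deployment that needs them should loosen the pattern rather than drop the canonical-path check in step (2), which is the measure that holds even when the format check is bypassed by an encoding the regex did not anticipate.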