Submit #597524: yzcheng90 X-SpringBoot master branch Path Traversal

Title: yzcheng90 X-SpringBoot master branch Path Traversal
Description: In the X-SpringBoot project, the file upload API /sys/oss/upload/apk contains the following issue: The method creates a temporary file using the filename obtained from external parameters, and deletes the temporary file after copying. An attacker can exploit this by crafting the path of the temporary file to delete any .apk file on the system. Moreover, invoking this interface does not require any permission verification.
Project Link: https://github.com/yzcheng90/X-SpringBoot
Affected Version: master branch
Affected API: /sys/oss/upload/apk
Code Location: /src/main/java/com/suke/czx/modules/oss/controller/SysOssController.java:83
Source: ⚠️ https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md
User: ShenxiuSecurity (UID 84374)
Submission: 16/06/2025 08:36 (1 year ago)
Moderation: 26/06/2025 17:54 (10 days later)
Status: Accepted
VulDB entry: 314006 [yzcheng90 X-SpringBoot up to 5.0 APK File /sys/oss/upload/apk uploadApk File directory traversal]
Points: 20
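
A mitigation sketch for the temporary-file handling described above, added here as an example; it is not code from X-SpringBoot or from the submitter. The class `SafeApkUpload` and its methods `store` and `checkedName` are hypothetical names, and the sample bytes and file names are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

public class SafeApkUpload {
    // Hypothetical helper (not X-SpringBoot code): the client-supplied name never
    // takes part in building the temporary path, so cleanup can only remove a
    // file that this call created itself.
    static Path store(InputStream body, String clientName, Path uploadDir) throws IOException {
        Path root = uploadDir.toAbsolutePath().normalize();
        Files.createDirectories(root);
        String leaf = checkedName(clientName);           // validate before touching disk
        Path target = root.resolve(leaf).normalize();
        if (!target.startsWith(root)) {                  // defence in depth after the allow-list
            throw new IOException("target escapes upload directory");
        }
        Path tmp = Files.createTempFile(root, "upload-", ".tmp"); // server-chosen name
        try {
            Files.copy(body, tmp, StandardCopyOption.REPLACE_EXISTING);
            return Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING);
        } finally {
            Files.deleteIfExists(tmp);                   // no-op once the move succeeded
        }
    }

    // Allow-list: a bare leaf name ending in .apk, no separators, no leading dot.
    static String checkedName(String clientName) throws IOException {
        if (clientName == null || !clientName.matches("[A-Za-z0-9][A-Za-z0-9._-]{0,99}\\.apk")) {
            throw new IOException("rejected file name");
        }
        return clientName;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("apk-demo");
        byte[] sample = {0x50, 0x4b, 0x03, 0x04};        // constructed sample bytes
        Path ok = store(new ByteArrayInputStream(sample), "app-1.0.apk", dir);
        System.out.println("stored: " + ok.getFileName());
        try {
            store(new ByteArrayInputStream(sample), "../../other/app.apk", dir); // constructed traversal name
        } catch (IOException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

The description also notes that the endpoint requires no permission verification; this sketch covers only the file handling and assumes authorization is enforced before `store` is reached.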
