| tiêu đề | MigoXLab LMeterX v1.2.0 Path Traversal |
|---|
| Mô tả | # Directory Traversal via task_id Leading to Arbitrary File Overwrite
## Vulnerability Details
- Affected Endpoint `POST /api/upload`
- https://github.com/MigoXLab/LMeterX/blob/main/backend/service/upload_service.py#L100
- https://github.com/MigoXLab/LMeterX/blob/main/backend/service/upload_service.py#L160
A directory traversal vulnerability exists in the file upload functionality, where the `task_id` parameter is used to determine the storage path. By supplying crafted values such as `../`, an attacker can escape the intended `upload_files` directory and write files to arbitrary locations on the server.
## PoC
```bash
curl -X POST "http://localhost:5001/api/upload?task_id=../zznq" \
-F "file=@./pocs/zznq.crt"
```
<img width="2020" height="70" alt="Image" src="https://github.com/user-attachments/assets/db99dcc8-368c-492e-8b40-fbb100a69309" /> |
|---|
| Nguồn | ⚠️ https://github.com/MigoXLab/LMeterX/issues/10 |
|---|
| Người dùng | zznQ (UID 64000) |
|---|
| Đệ trình | 24/07/2025 06:37 (cách đây 9 các tháng) |
|---|
| Kiểm duyệt | 08/08/2025 09:35 (15 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 319225 [MigoXLab LMeterX 1.2.0 upload_service.py process_cert_files task_id duyệt thư mục] |
|---|
| điểm | 20 |
|---|