| tiêu đề | https://github.com/cld378632668/JavaMall JavaMall 1.0 Upload any file |
|---|
| Mô tả | The MinioController.java interface of JavaMall 1.0 version has an arbitrary file upload vulnerability. Its interface does not detect file suffixes and does not have a method to prevent directory traversal. Attackers can upload any type of file, which may result in getshell and more serious consequences
In the upload method, after receiving the file name and file suffix, the file name and file suffix are directly concatenated into the new file name without any processing or type restrictions on the file suffix, which allows attackers to upload any type of file, causing any file upload loophole, and also without any interference Detecting and filtering, resulting in directory traversal vulnerabilities. |
|---|
| Nguồn | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/javamall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
|---|
| Người dùng | zyhsec (UID 93418) |
|---|
| Đệ trình | 23/12/2025 14:27 (cách đây 4 các tháng) |
|---|
| Kiểm duyệt | 04/01/2026 09:39 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 339481 [cld378632668 JavaMall đến 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 MinioController.java upload nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|