| tiêu đề | yeqifu warehouse aaf29962ba407d22d991781de28796ee7b4670e4 Arbitrary File Read |
|---|
| Mô tả | An arbitrary file read vulnerability was discovered in AppFileUtils.java of the project https://github.com/yeqifu/warehouse. The affected functionality is an image display route (/file/showImageByPath?path=)that invokes AppFileUtils.java and accepts a user-controlled path parameter to locate files under a specified directory. Due to improper input validation, the path parameter is directly used to read files without verifying its legitimacy. By manipulating the path parameter with relative path sequences, an attacker can access, download, or view arbitrary files on the server. |
|---|
| Nguồn | ⚠️ https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md |
|---|
| Người dùng | 5i1encee (UID 94076) |
|---|
| Đệ trình | 02/01/2026 11:33 (cách đây 4 các tháng) |
|---|
| Kiểm duyệt | 02/01/2026 13:32 (2 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 339385 [yeqifu warehouse đến aaf29962ba407d22d991781de28796ee7b4670e4 AppFileUtils.java createResponseEntity path duyệt thư mục] |
|---|
| điểm | 20 |
|---|