| Title | ujcms 101.2 Recursive Deletion of Template Storage |
|---|---|
| Description | A logical vulnerability exists in the WebFileTemplateController.delete method. While the application implements a blacklist mechanism (checkId) to prevent standard path traversal (e.g., filtering .. and \), it fails to validate "empty" or "root-equivalent" inputs. An attacker can bypass the validation by sending a specially crafted payload (such as an empty string "" or a single forward slash /). When processed, this input resolves to the root of the configured template storage directory. The deleteDirectory function then recursively deletes all files and subdirectories within this root, effectively wiping out the website's templates, styles, and scripts. |
| Source | https://www.yuque.com/la12138/pa2fpb/lxngf3d07uyd0nwp?singleDoc |
| User | Saul1213 (UID 94577) |
| Submitted | 10/02/2026 08:54 (3 months ago) |
| Moderation | 21/02/2026 22:11 (12 days later) |
| Status | Accepted |
| VulDB entry | 347319 [Dromara UJCMS 101.2 Template WebFileTemplateController.delete deleteDirectory path traversal] |
| Points | 20 |
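
The validation gap described above, shown as an added example that is not UJCMS code: a blacklist of the kind the description attributes to checkId, next to a check that resolves the id against the storage root and refuses anything that lands on the root itself or outside it. The class name, method names and sample ids are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; class and method names are hypothetical, not UJCMS code.
public class TemplatePathCheck {

    // Blacklist in the style the description attributes to checkId:
    // rejects ".." and "\" but lets "" and "/" through.
    static boolean blacklistAllows(String id) {
        return !id.contains("..") && !id.contains("\\");
    }

    // Hardened check: resolve against the storage root, normalize, then require
    // the result to be strictly inside the root (never the root itself).
    static Path resolveForDelete(Path root, String id) {
        if (id == null || id.isBlank()) {
            throw new IllegalArgumentException("empty id");
        }
        Path base = root.toAbsolutePath().normalize();
        // Strip leading separators so "/x" stays relative to the root.
        String relative = id.replaceFirst("^[/\\\\]+", "");
        Path target = base.resolve(relative).normalize();
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IllegalArgumentException("id resolves to or outside the storage root");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("templates"); // constructed sample root
        Files.createDirectories(root.resolve("default/css"));
        // Constructed inputs: the two from the description, a valid id, a traversal.
        for (String id : new String[] {"", "/", "default/css", "default/../.."}) {
            String verdict;
            try {
                verdict = "resolves to " + resolveForDelete(root, id);
            } catch (IllegalArgumentException e) {
                verdict = "rejected (" + e.getMessage() + ")";
            }
            System.out.printf("id=%-16s blacklist allows=%-5b hardened: %s%n",
                    "\"" + id + "\"", blacklistAllows(id), verdict);
        }
    }
}
```

`normalize()` is purely lexical; if the storage directory can contain symbolic links, compare `toRealPath()` results instead before deleting.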