提交 #597524: yzcheng90 X-SpringBoot master branch Path Traversal信息

标题yzcheng90 X-SpringBoot master branch Path Traversal
描述In the X-SpringBoot project, the file upload API /sys/oss/upload/apk contains the following issue: The method creates a temporary file using the filename obtained from external parameters, and deletes the temporary file after copying. An attacker can exploit this by crafting the path of the temporary file to delete any .apk file on the system. Moreover, invoking this interface does not require any permission verification. Project Link: https://github.com/yzcheng90/X-SpringBoot Affected Version: master branch Affected API: /sys/oss/upload/apk Code Location: /src/main/java/com/suke/czx/modules/oss/controller/SysOssController.java:83
来源⚠️ https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md
用户
 ShenxiuSecurity (UID 84374)
提交2025-06-16 08時36分 (1 年前)
管理2025-06-26 17時54分 (10 days later)
状态已接受
VulDB条目314006 [yzcheng90 X-SpringBoot 直到 5.0 APK File /sys/oss/upload/apk uploadApk 文件 目录遍历]
积分20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!