| 标题 | sims Latest Unauthorized Arbitrary File Delete Vulnerability |
|---|
| 描述 | Rawchen/sims has an unauthorized arbitrary file download vulnerability. This vulnerability is due to the deletionFileServlet routing of sims-master/src/web/servlet/file/DeleteFileServlet.java without permission management, and the file name entered by the user is not filtered, causing the attacker to delete server-critical files without permission, which may lead to system paralysis, data loss or even complete service failure. |
|---|
| 来源 | ⚠️ https://github.com/yingxiujie/cve/issues/2 |
|---|
| 用户 | yingxiujie (UID 96521) |
|---|
| 提交 | 2026-04-06 06時56分 (21 日前) |
|---|
| 管理 | 2026-04-25 16時05分 (19 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 359603 [rawchen sims 直到 004f783b1db5ecdfad81c8fdc3b34171211112de deleteFileServlet Endpoint DeleteFileServlet.java filename 目录遍历] |
|---|
| 积分 | 19 |
|---|