| पदवी | yzcheng90 X-SpringBoot master branch Path Traversal |
|---|
| वर्णन | In the X-SpringBoot project, the file upload API /sys/oss/upload/apk contains the following issue:
The method creates a temporary file using the filename obtained from external parameters, and deletes the temporary file after copying. An attacker can exploit this by crafting the path of the temporary file to delete any .apk file on the system. Moreover, invoking this interface does not require any permission verification.
Project Link: https://github.com/yzcheng90/X-SpringBoot
Affected Version: master branch
Affected API: /sys/oss/upload/apk
Code Location: /src/main/java/com/suke/czx/modules/oss/controller/SysOssController.java:83 |
|---|
| उगम | ⚠️ https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md |
|---|
| उपयोगकर्ता | ShenxiuSecurity (UID 84374) |
|---|
| आधीनता | 16/06/2025 08:36 AM (8 महिने ago) |
|---|
| नेमस्तपणा | 26/06/2025 05:54 PM (10 days later) |
|---|
| स्थान | मान्य केले |
|---|
| VulDB entry | 314006 [yzcheng90 X-SpringBoot जोपर्यंत 5.0 APK File /sys/oss/upload/apk uploadApk कानस डायरेक्टरी ट्रॅव्हल्सल] |
|---|
| मुद्दे | 20 |
|---|