lenve VBlog ArticleController.java uploadImg path traversal

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

对路径名的限制不恰当(路径遍历)

VBlog 路径遍历漏洞

VBlog是lenve个人开发者的一个多用户博客管理平台。 VBlog 1.0.0及之前版本存在路径遍历漏洞，该漏洞源于路径遍历，可能导致远程攻击者访问任意文件。

N/A

N/A