Key vulnerability information

Title: WebStack-Guns Project (GitHub organization jsnjfz) WebStack-Guns 1.0 (latest master) Path Traversal / Arbitrary File Read (CWE-22)

Description:
- WebStack-Guns 1.0 exposes /kaptcha/{pictureId} as a public endpoint and concatenates the attacker-controlled pictureId directly with the upload directory when reading files.
- No validation or canonicalization is performed, allowing remote attackers to traverse directories and download arbitrary files readable by the service account, leading to high-impact information disclosure.

Source: https://github.com/Xzzz111/exps/blob/main/archives/WebStack-Guns-PathTraversal-1/report.md
User: sh7err04 (UID 92493)
Submission: 11/10/2025 12:47 PM (24 days ago)
Moderation: 11/30/2025 06:05 PM (20 days later)
Status: Accepted
VulDB Entry: [333920] [jsnjfz WebStack-Guns 1.0 KaptchaController.java renderPicture path traversal]
Points: 20