# CVE-2026-30345 - CTFd Zipfile Import Arbitrary File Write

## Overview

The Admin import feature of CTFd v3.8.1-18-gb5a18c4 contains a Zip Slip vulnerability: member names inside an uploaded export archive are not confined to the extraction directory, so an authenticated administrator who uploads a crafted archive can write arbitrary files on the server.

## Affected scope

- **Affected product code base**: CTFd - 3.8.1-18-gb5a18c4
- **Affected component**: CTFd admin configuration's import feature
- **Attack type**: Remote
- **Impact**: Arbitrary file write (path traversal / Zip Slip) during CTFd import/restore allows writing files outside the intended extraction directory.
- **Precondition**: the attacker must be able to reach the admin import feature, i.e. hold an administrator account; the bug turns that trust boundary into a file write on the host running CTFd.

## Remediation

- Update CTFd to the latest version.
- References:
  - [GitHub CTFd](https://github.com/CTFd/CTFd)
  - [CTFd Security Policy](https://github.com/CTFd/CTFd/security/policy)

## Advisory details

The text below is the advisory as written up for the CVE request; it describes the attack vector and does not contain exploit code.

```plaintext
[Suggested description]
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gb5a18c4 allows attackers to write arbitrary files.

[VulnerabilityType Other]
Path Traversal (Zip Slip) leading to Arbitrary File Write (CWE-22 / CWE-73)

[Vendor of Product]
CTFd

[Affected Product Code Base]
CTFd - 3.8.1-18-gb5a18c4

[Affected Component]
CTFd admin configuration's import feature

[Attack Type]
Remote

[CVE Impact Other]
Arbitrary file write (path traversal / Zip Slip) during CTFd import/restore allows writing files outside the intended extraction directory.

[Attack Vectors]
An authenticated administrator uploads a maliciously crafted CTFd export archive containing file entries with traversal/absolute paths.
```
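The advisory describes the bug class without showing it. The script below is an added example, not CTFd's code and not a reproduction of its import path: it builds a crafted archive in memory with one ordinary-looking entry plus a `../` entry and an absolute-path entry (constructed sample data; the member names `db/challenges.json` and `uploads/logo.png` are placeholders, not taken from a real export), then runs it through a naive extractor that trusts member names and through a hardened one that validates every member before writing anything. The `unsafe_extract` / `safe_extract` / `demo` names are this example's own. Everything is written under a throwaway temporary directory so the "escape" stays contained.

```python
"""Zip Slip, shown end to end: a naive extractor writes outside its directory,
a guarded extractor refuses the archive before touching the disk.
Added example; not CTFd code. Python is used because CTFd is a Python application."""
from __future__ import annotations

import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

# Unix mode bits live in the high 16 bits of a member's external_attr.
S_IFMT, S_IFLNK = 0o170000, 0o120000


def build_archive(members: dict[str, str]) -> bytes:
    """Build an in-memory zip. zipfile stores member names verbatim, so '..'
    components and leading '/' survive (this is how a Zip Slip archive is made)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def unsafe_extract(archive: bytes, dest: Path) -> list[Path]:
    """The vulnerable pattern: trust every member name. os.path.join() discards
    `dest` entirely when the name is absolute, and '..' walks out of it."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = Path(os.path.join(dest, info.filename))
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.resolve())
    return written


def check_member(info: zipfile.ZipInfo, dest: Path) -> Path:
    """Return the resolved on-disk target for a member, or raise ValueError."""
    name = info.filename
    if "\\" in name:  # PurePosixPath would not split on it; refuse rather than guess
        raise ValueError(f"rejected archive member: {name!r} (backslash in name)")
    parts = PurePosixPath(name)
    if parts.is_absolute() or ".." in parts.parts:
        raise ValueError(f"rejected archive member: {name!r} (absolute or traversal path)")
    if (info.external_attr >> 16) & S_IFMT == S_IFLNK:  # symlink-then-write also escapes
        raise ValueError(f"rejected archive member: {name!r} (symlink)")
    target = (dest / name).resolve()
    if not target.is_relative_to(dest):  # belt and braces after the name checks
        raise ValueError(f"rejected archive member: {name!r} (escapes {dest})")
    return target


def safe_extract(archive: bytes, dest: Path) -> list[Path]:
    """Validate every member first, then write, so a bad archive leaves no partial state."""
    dest = dest.resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        plan = [(info, check_member(info, dest)) for info in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors on a crafted and a clean archive inside a temp directory."""
    root = Path(tempfile.mkdtemp()).resolve()
    try:
        malicious = build_archive({
            "db/challenges.json": "[]",  # looks like a legitimate export entry
            "../pwned.txt": "one level above the extraction dir\n",
            str(root / "absolute.txt"): "absolute member name\n",
        })
        clean = build_archive({"db/challenges.json": "[]", "uploads/logo.png": "not-a-png"})

        unsafe_dest = root / "unsafe"
        unsafe_dest.mkdir()
        escaped = [p.name for p in unsafe_extract(malicious, unsafe_dest)
                   if not p.is_relative_to(unsafe_dest)]

        safe_dest = root / "safe"
        safe_dest.mkdir()
        try:
            safe_extract(malicious, safe_dest)
            rejected = None
        except ValueError as exc:
            rejected = str(exc)
        leftovers = sorted(p.name for p in safe_dest.rglob("*"))

        clean_dest = root / "clean"
        clean_dest.mkdir()
        clean_written = [p.relative_to(clean_dest).as_posix()
                         for p in safe_extract(clean, clean_dest)]
        return {"escaped": escaped, "rejected": rejected,
                "leftovers": leftovers, "clean_written": clean_written}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Running it shows the naive extractor placing `pwned.txt` and `absolute.txt` outside its directory, while the guarded extractor rejects the first bad member and writes nothing. The two-pass design in `safe_extract` matters for an import/restore feature: checking names while extracting would still leave earlier members on disk when a later one is rejected. Note that the name checks alone are not enough in the presence of symlink members, which is why `check_member` also refuses them.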