Description
A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function upload/delete of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in path traversal. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVSS breakdown
CVSS 4.0
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
E
X
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
E
X
RL
X
RC
Required
Affected products
- 1541492390c / yougou-mall0a771fa817c924efe52c8fe0a9a6658eee675f9f – 0a771fa817c924efe52c8fe0a9a6658eee675f9f
References
- MISChttps://vuldb.com/?id.337600
- MISChttps://vuldb.com/?ctiid.337600
- MISChttps://vuldb.com/?submit.717732
- MISChttps://vuldb.com/?submit.721081
- MISChttps://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md
- MISChttps://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md