Skip to content

Instantly share code, notes, and snippets.

@Xiqinger

Xiqinger/CVE-2024-29466.md

Last active April 12, 2024 02:46
Show Gist options
  • Save Xiqinger/b3cb51f390d408c3c66c66e645ba5ac0 to your computer and use it in GitHub Desktop.
Save Xiqinger/b3cb51f390d408c3c66c66e645ba5ac0 to your computer and use it in GitHub Desktop.
Download ZIP
CVE-2024-29466
Raw
CVE-2024-29466.md

CVE-2024-29466

Vendor: lsgwr

Product: spring-boot-online-exam

Affected versions: v0.9

Vulnerability Info

Type: Directory Traversal

Description

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

Affected Component

/backend/src/main/java/lsgwr/exam/utils/FileTransUtil.java: saveUploadedFiles

Attack Type

Remote

Attack Type Other

Path Travel

CVE Impact Other

Path Travel

Reference

lsgwr/spring-boot-online-exam#62

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment