Bjskzy Zhiyou ERP Path Traversal Vulnerability in File Upload Function

Vulnerability

A path traversal vulnerability has been identified in Bjskzy Zhiyou ERP versions prior to 11.0. The issue resides in the 'uploadStudioFile' function of the 'com.artery.form.services.FormStudioUpdater' component. This vulnerability allows remote exploitation by manipulating the 'filepath' argument, leading to unauthorized file access. The vulnerability has been publicly disclosed, and the vendor has not responded to initial contact regarding the issue.

Impact

Exploitation of this vulnerability allows for arbitrary file upload, which could be used to execute malicious code or overwrite existing files, depending on the application's file handling procedures.

Reproduction

To reproduce this vulnerability, upload a file through the 'uploadStudioFile' interface, ensuring that the 'filepath' parameter is manipulated to include directory traversal sequences. The uploaded file should be in XML format to bypass the application's file type restrictions. Once uploaded, the file can be accessed from the specified traversal path, potentially leading to code execution if the file is processed by the application.
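As a defensive counterpart to the flaw described above, here is an added example (not the vendor's code) of how a Java upload handler can canonicalize the 'filepath' argument against a fixed upload root and reject traversal before applying the file-type allowlist. The class name, the upload root and the allowlist are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

// Hypothetical hardened resolver, not the vendor's code: it maps the caller-supplied
// 'filepath' onto a fixed upload root and refuses any result that leaves that root.
public final class SafeStudioUpload {
    // Assumed upload root; in a real deployment this comes from configuration.
    static final Path UPLOAD_ROOT = Paths.get(System.getProperty("java.io.tmpdir"),
            "studio-uploads").toAbsolutePath().normalize();
    // Extensions the application is willing to store (assumed allowlist).
    static final Set<String> ALLOWED_EXTENSIONS = Set.of("xml");

    /** Returns the canonical write location, or throws if the request is unsafe. */
    static Path resolveTarget(String filepath) {
        if (filepath == null || filepath.isBlank() || filepath.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("filepath missing or malformed");
        }
        // resolve() returns an absolute argument unchanged and normalize() collapses
        // "." and ".." segments, so both an absolute path and a traversal sequence
        // end up as a target that no longer lies under UPLOAD_ROOT.
        Path target = UPLOAD_ROOT.resolve(Paths.get(filepath)).normalize();
        if (!target.startsWith(UPLOAD_ROOT) || target.equals(UPLOAD_ROOT)) {
            throw new SecurityException("path traversal rejected: " + filepath);
        }
        // The extension check runs on the resolved name, after traversal is ruled out,
        // so a name like "a.xml/../b.bin" cannot slip past a naive suffix test.
        String name = target.getFileName().toString();
        int dot = name.lastIndexOf('.');
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXTENSIONS.contains(ext)) {
            throw new IllegalArgumentException("disallowed extension: " + ext);
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one legitimate name and two that must be refused.
        String[] samples = {"forms/report.xml", "../../outside.xml", "/etc/hosts"};
        for (String f : samples) {
            try {
                System.out.println("accepted: " + resolveTarget(f));
            } catch (RuntimeException e) {
                System.out.println("rejected: " + f + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Path.startsWith compares whole path components, so a sibling directory whose name merely begins with the root's name is also rejected.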

Added: Sep 29, 2025, 4:18 AM
Updated: Sep 29, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.