jeecgboot jeewx-boot Path Traversal Vulnerability in WxActGoldeneggsPrizesController
Vulnerability
A path traversal vulnerability allowing arbitrary file reading has been identified in jeecgboot jeewx-boot versions prior to 641ab52c3e1845fec39996d7794c33fb40dad1dd. The issue arises in the getImgUrl function of WxActGoldeneggsPrizesController.java, where inadequate sanitization of the imgurl argument enables remote exploitation. Although the vulnerability was initially addressed, the fix can be bypassed with specific encoding, such as replacing spaces with '%20', effectively evading the implemented checks and allowing access to sensitive files like '/etc/passwd'.
Impact
Exploitation of this vulnerability could lead to unauthorized access to arbitrary files on the server, potentially including sensitive information such as password files or application configuration files.
Reproduction
The vulnerability can be reproduced by sending a crafted request to the getImgUrl endpoint with an imgurl parameter that includes encoded traversal sequences. After the request is processed, the response will contain the contents of the requested file, demonstrating the successful exploitation of the path traversal vulnerability.
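The root cause described above is a check applied to the raw parameter string, which an encoded variant of the same traversal sequence slips past. The added example below, written for this page and not taken from the jeewx-boot code base, shows the shape of a fix that does not have that weakness: decode the parameter, resolve it against the image directory, canonicalize, and only then verify that the result is still inside that directory. The class name, the method name `resolve`, and the temporary directory used as a stand-in for the real upload location are all assumptions.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical resolver; not the project's WxActGoldeneggsPrizesController.
public class SafeImageResolver {
    private final Path baseDir;

    public SafeImageResolver(Path baseDir) throws IOException {
        // Canonicalize once so later prefix comparisons are like-for-like
        // (handles symlinked temp dirs such as /var -> /private/var on macOS).
        this.baseDir = baseDir.toRealPath();
    }

    /**
     * Returns the canonical file for a user-supplied image name, or null when
     * the request must be refused. The containment check runs on the decoded,
     * normalized, symlink-resolved path, so percent-encoded dots, slashes or
     * spaces cannot carry a traversal sequence past it.
     */
    public Path resolve(String imgurl) {
        if (imgurl == null || imgurl.isEmpty()) return null;
        String decoded;
        try {
            // Undo percent-encoding; a malformed escape is rejected, not served.
            decoded = URLDecoder.decode(imgurl, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;
        }
        if (decoded.indexOf('\0') >= 0) return null; // embedded NUL byte
        // resolve() of an absolute input yields that absolute path, which the
        // startsWith check below then rejects.
        Path candidate = baseDir.resolve(decoded).normalize();
        if (!candidate.startsWith(baseDir)) return null;
        try {
            Path real = candidate.toRealPath(); // follows symlinks; must exist
            return real.startsWith(baseDir) ? real : null; // symlink escaped
        } catch (IOException e) {
            return null; // missing or unreadable file
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox directory standing in for the real image folder.
        Path imgDir = Files.createTempDirectory("imgdemo");
        Files.writeString(imgDir.resolve("ok.png"), "png-bytes");
        SafeImageResolver r = new SafeImageResolver(imgDir);
        String[] probes = { "ok.png", "sub/../ok.png", "../ok.png",
                            "%2e%2e/ok.png", "/etc/hosts" };
        for (String p : probes) {
            System.out.println(p + " -> " + (r.resolve(p) == null ? "rejected" : "served"));
        }
    }
}
```

Running `main` serves the first two probes (the second normalizes back to `ok.png` inside the directory) and rejects the remaining three. The design point is that no string blacklist is consulted: whatever encoding the request uses, the decision is made on the canonical path the file system would actually open, which is the property the original string-level fix lacked.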