yeqifu carRental Path Traversal Vulnerability in File Download Function

Vulnerability

A path traversal vulnerability has been identified in yeqifu carRental in builds prior to commit 3fabb7eae93d209426638863980301d6f99866b3. The issue lies in the 'downloadShowFile' method of the 'com.yeqifu.sys.controller.FileController' class, which uses the caller-supplied 'path' parameter to locate the file it returns without validating that parameter or checking that the caller is authorised to read the file. Supplying '../' sequences in 'path' therefore yields arbitrary file download. The issue can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows an attacker to read arbitrary files that the application process can access on the server, potentially disclosing sensitive information such as configuration files and credentials.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/file/downloadShowFile.action' with the 'path' parameter set to a value containing '../' sequences, so that the resolved location lies outside the directory the download function is meant to serve. The request can be made with a tool such as Postman or with a short script that automates the HTTP request. If the response body contains the contents of the targeted file rather than an error, the instance is vulnerable.
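The following Python block is an added example, not code from the carRental project: it models the flawed pattern (joining the caller's 'path' onto a fixed upload root and reading whatever results) beside a hardened resolver that canonicalises the path and refuses anything outside the upload root. It assumes, since the advisory does not say, that the handler resolves 'path' relative to an upload directory; the directory layout, file names and the 'secret.conf' target are constructed for the demo.

```python
"""Added example (not from the yeqifu carRental code base): a download-path
resolver that trusts the user-supplied 'path' parameter, next to a hardened
resolver that confines the canonical path to the upload root.

Assumption (not stated in the advisory): the handler joins 'path' onto a fixed
upload root and streams the resulting file back.
"""
import os
import tempfile
from pathlib import Path


def vulnerable_resolve(upload_root: Path, user_path: str) -> Path:
    """Mirrors the flawed pattern: concatenate and read, with no validation.
    '../' sequences in user_path walk out of upload_root."""
    return Path(os.path.join(str(upload_root), user_path))


def hardened_resolve(upload_root: Path, user_path: str) -> Path:
    """Reject absolute paths and NUL bytes, then canonicalise (collapsing
    '..' and following symlinks) and require the result to stay inside the
    canonical upload root. The containment check runs on the real path, so
    lexical tricks and symlinks cannot bypass it."""
    root = upload_root.resolve()
    if os.path.isabs(user_path) or "\x00" in user_path:
        raise ValueError("absolute path or NUL byte rejected")
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"path escapes upload root: {user_path!r}") from None
    if not candidate.is_file():
        raise FileNotFoundError(user_path)
    return candidate


def is_confined(upload_root: Path, user_path: str) -> bool:
    """True if the hardened resolver accepts user_path, False if it rejects it
    as traversal (missing files are a separate error and not swallowed)."""
    try:
        hardened_resolve(upload_root, user_path)
        return True
    except ValueError:
        return False


def read_download(resolver, upload_root: Path, user_path: str) -> bytes:
    """Stand-in for the download handler body: resolve, then read."""
    return resolver(upload_root, user_path).read_bytes()


def build_demo_tree():
    """Constructed layout: <tmp>/app/upload/report.txt is a legitimate upload;
    <tmp>/secret.conf stands in for a sensitive file outside the upload dir."""
    tmp = Path(tempfile.mkdtemp())
    upload = tmp / "app" / "upload"
    upload.mkdir(parents=True)
    (upload / "report.txt").write_bytes(b"legit upload")
    (tmp / "secret.conf").write_bytes(b"db.password=hunter2")
    return tmp, upload


def demo() -> dict:
    """Run both resolvers against a legitimate name and a traversal payload."""
    _tmp, upload = build_demo_tree()
    traversal = "../../secret.conf"  # shape of the value the PoC sends in 'path'
    results = {
        "vulnerable_legit": read_download(vulnerable_resolve, upload, "report.txt"),
        "vulnerable_traversal": read_download(vulnerable_resolve, upload, traversal),
        "hardened_legit": read_download(hardened_resolve, upload, "report.txt"),
        "hardened_traversal": "ALLOWED" if is_confined(upload, traversal) else "REJECTED",
    }
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The check that matters is `candidate.relative_to(root)` after both sides have been resolved; filtering the string for '../' alone is weaker, because encoded or platform-specific separators can slip past a substring test while the canonical path still escapes the root. An authorisation check on who may fetch which file belongs in front of the resolver as well, since the advisory notes that check is also missing.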

Added: Jan 2, 2026, 7:18 AM
Updated: Jan 2, 2026, 7:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 8.7
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.