GuoMinJim PersonManage Path Traversal Vulnerability in Login PreHandle Function
Vulnerability
A critical path traversal vulnerability has been identified in GuoMinJim PersonManage version 1.0. The issue is in the preHandle method of the login function: manipulating the Request argument allows directory traversal, which leads to unauthorized access. The vulnerability can be exploited remotely.
Impact
Exploitation of this vulnerability allows for path traversal, which can lead to unauthorized access to files and directories on the server.
Reproduction
The vulnerability can be reproduced by sending a request to the login endpoint with a crafted Request argument that includes directory traversal sequences. This will bypass the normal login verification process and potentially allow access to restricted areas of the application.
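One way a login preHandle check can refuse traversal sequences before deciding whether a request needs a session. This is an added example, not code from PersonManage or from this advisory; the class name, the allow-list entries and the sample URIs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

// Added example: hypothetical helper, not code from PersonManage.
public class LoginPathCheck {

    // Assumed allow-list of paths that may be reached without a session.
    private static final Set<String> PUBLIC_PATHS = Set.of("/login", "/css/login.css");

    /** Returns the decoded path if it is safe to match, or null to reject the request. */
    static String canonicalPath(String rawUri) {
        if (rawUri == null) return null;
        String path;
        try {
            path = new URI(rawUri).getPath();   // percent-decodes exactly once
        } catch (URISyntaxException e) {
            return null;                        // malformed URI or encoding
        }
        if (path == null || !path.startsWith("/")) return null;
        // Still-encoded bytes (double encoding), backslashes and path
        // parameters are never needed by this allow-list, so refuse them.
        if (path.contains("%") || path.contains("\\") || path.contains(";")) return null;
        for (String segment : path.substring(1).split("/", -1)) {
            // Dot segments change which resource the path finally resolves to.
            if (segment.equals("..") || segment.equals(".")) return null;
        }
        return path;
    }

    /** True only when the canonical path is exactly an allow-listed public path. */
    static boolean isPublic(String rawUri) {
        String path = canonicalPath(rawUri);
        return path != null && PUBLIC_PATHS.contains(path);
    }

    public static void main(String[] args) {
        // Constructed sample request URIs; the routes are not taken from the project.
        String[] samples = {"/login", "/login/../private/page", "/login/%2e%2e/private/page",
                            "/login;x=1", "/private/page"};
        for (String s : samples) {
            System.out.println(s + " -> " + (isPublic(s) ? "public" : "requires session"));
        }
    }
}
```

The decision is an exact match on the decoded path, so a request is treated as public only when it is literally one of the allow-listed entries, never because a public prefix or substring appears somewhere in the URI.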
