Jeecgboot Path Traversal Vulnerability Allowing Arbitrary File Uploads to System Directory

Vulnerability

A path traversal vulnerability has been identified in Jeecgboot versions through 3.8.2. The file upload handler is meant to write uploaded files beneath /opt/upFiles, but an attacker can instead place a file with a whitelisted extension directly in the system directory /opt. The cause is that the bizPath value (supplied through the 'biz' request parameter) is checked for only some forms of directory traversal; a form the check does not cover is still joined onto the upload root, and the resulting path resolves outside it.

Impact

Exploitation of this vulnerability gives an attacker a file write into /opt, alongside legitimate application files. If the written file can overwrite an existing script or executable there, the next time that file is run the attacker's content executes with the privileges of whatever runs it. Only extensions on the upload whitelist can be written, so the practical impact depends on what is installed under /opt and whether those files can be replaced; even without a replaceable target, the write outside the intended upload directory is itself a significant weakening of the application's file handling.

Reproduction

To reproduce this vulnerability, send a file upload request to the '/jeecg-boot/sys/common/upload' endpoint with the 'biz' parameter set to a value containing '..' in a form the traversal filter does not reject. The uploaded file is written to /opt instead of the intended /opt/upFiles directory.
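To make the gap described above concrete, the following Python model (added here; it is not JeecgBoot's own code, which is Java) contrasts two ways of validating the biz value before it is joined onto the upload root. The substring filter in naive_is_safe is an assumption chosen to match the advisory's description that only some traversal forms are rejected; the project's real check may differ in its details. The model shows that a bare '..' passes such a filter and resolves /opt/upFiles/.. to /opt, while resolving first and checking containment rejects it. It also covers an absolute biz value, a case the advisory does not mention. posixpath.normpath stands in for what the file system would do with the path; nothing is written to disk and the HTTP request itself is not modelled.

```python
import posixpath
from typing import Tuple

# Intended upload root named in the advisory.
UPLOAD_ROOT = "/opt/upFiles"


def naive_is_safe(biz: str) -> bool:
    """Assumed substring filter (illustration only, not the project's code).

    It rejects the obvious "../" and "..\\" forms and nothing else, so a bare
    ".." or a trailing ".." with no separator after it slips through.
    """
    return "../" not in biz and "..\\" not in biz


def naive_target_dir(biz: str) -> str:
    """Vulnerable model: filter the raw string, then join it onto the root."""
    if biz and not naive_is_safe(biz):
        raise ValueError("bizPath rejected by substring filter")
    # normpath models the file system collapsing "/opt/upFiles/.." to "/opt".
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, biz))


def hardened_target_dir(biz: str) -> str:
    """Hardened model: reject bad components, resolve, then check containment."""
    root = posixpath.normpath(UPLOAD_ROOT)
    if not biz:
        return root
    # An absolute value would make join() discard the root entirely.
    if posixpath.isabs(biz):
        raise ValueError("absolute bizPath rejected")
    # Reject any ".." component outright, whichever separator surrounds it.
    if any(part == ".." for part in biz.replace("\\", "/").split("/")):
        raise ValueError("parent-directory component rejected")
    candidate = posixpath.normpath(posixpath.join(root, biz))
    # Final guard: the resolved directory must be the root or live under it.
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("bizPath escapes upload root")
    return candidate


def evaluate(biz: str) -> Tuple[str, str]:
    """Return (naive result, hardened result); "REJECTED" when a check fires."""
    results = []
    for check in (naive_target_dir, hardened_target_dir):
        try:
            results.append(check(biz))
        except ValueError:
            results.append("REJECTED")
    return results[0], results[1]


if __name__ == "__main__":
    # Constructed sample values; the bare ".." is the case the advisory describes.
    for sample in ("", "temp", "..", "../x", "/etc"):
        naive, hardened = evaluate(sample)
        print(f"biz={sample!r:8} naive -> {naive:18} hardened -> {hardened}")
```

The difference between the two functions is where the decision is made: the naive version decides on the raw string and lets the file system resolve whatever survives, while the hardened version resolves the path itself and then refuses anything that does not sit inside the upload root, so the exact spelling of the traversal no longer matters.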

Added: Oct 1, 2025, 8:20 PM
Updated: Oct 1, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 2.5
exploitability: 9.5
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.