Dromara RuoYi-Vue-Plus Path Traversal Vulnerability in MailController
Vulnerability
A critical path traversal vulnerability has been identified in Dromara RuoYi-Vue-Plus version 5.4.0. The issue resides in the MailController component, specifically within the MailHandler functionality. The vulnerability arises from improper handling of the filePath argument, allowing remote attackers to traverse directories and access files outside of the intended directory structure. This exploitation could lead to unauthorized reading of sensitive files on the server.
Impact
Exploitation of this vulnerability allows for arbitrary file reading, enabling attackers to exfiltrate sensitive information from the server.
Reproduction
The vulnerability can be reproduced by sending a request to the /demo/mail/sendMessageWithAttachment or /demo/mail/sendMessageWithAttachments endpoints on the MailController. These endpoints do not require authentication and allow the inclusion of arbitrary file paths as attachments, which will be read and processed by the server.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.