Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Kingdee Cloud-Starry-Sky Enterprise Edition Path Traversal Vulnerability in File Upload Service
Vulnerability
A path traversal vulnerability has been identified in Kingdee Cloud-Starry-Sky Enterprise Edition versions prior to 8.2. The issue resides in the IIS-K3CloudMiniApp component, specifically in the BaseServiceFactory.getFileUploadService.deleteFileAction method. A remote attacker can manipulate the filePath argument to bypass directory restrictions and read arbitrary sensitive files on the server, potentially leading to significant information leakage.
Impact
Exploitation of this vulnerability allows for arbitrary file reading, with the potential to access sensitive information on the server.
Remediation
The vendor recommends temporarily disabling external network access to the Kingdee Cloud Galaxy Retail System, or restricting access with an IP whitelist. As a long-term fix, users should install the security patch provided for the Starry Sky system, add authentication to the vulnerable CMKAppWebHandler.ashx interface, and remove the file reading function.
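As an added illustration, not code from the advisory or from the vendor, the following shows the kind of containment check a file-path parameter such as filePath needs, and a detection pass that applies the same check to IIS W3C log entries. The handler URI path, the upload base directory and the constructed log lines are assumptions.

```python
import posixpath
from urllib.parse import parse_qs, unquote

# Constructed sample IIS W3C log lines (assumed format):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2024-01-01 10:00:00 10.0.0.5 POST /K3CloudMiniApp/CMKAppWebHandler.ashx filePath=uploads/report.pdf 200
2024-01-01 10:00:01 10.0.0.5 POST /K3CloudMiniApp/CMKAppWebHandler.ashx filePath=..%2F..%2Fsensitive.txt 200
2024-01-01 10:00:02 10.0.0.7 GET /K3CloudMiniApp/index.html - 200
2024-01-01 10:00:03 10.0.0.9 POST /K3CloudMiniApp/CMKAppWebHandler.ashx filePath=%252e%252e/%252e%252e/other.txt 200
"""


def is_contained(base_dir: str, file_path: str) -> bool:
    """Return True only if file_path, once fully decoded and canonicalised,
    still resolves to a location inside base_dir."""
    decoded = file_path
    # Decode repeatedly so double-encoded sequences (%252e) are normalised too.
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:
        return False
    decoded = decoded.replace("\\", "/")
    # Reject absolute paths and Windows drive-letter paths outright.
    if posixpath.isabs(decoded) or (len(decoded) > 1 and decoded[1] == ":"):
        return False
    base = posixpath.normpath(base_dir)
    resolved = posixpath.normpath(posixpath.join(base, decoded))
    return resolved == base or resolved.startswith(base + "/")


def flag_traversal_requests(log_text: str, base_dir: str, handler: str = "CMKAppWebHandler.ashx"):
    """Return (client_ip, filePath) pairs for requests to the handler whose
    filePath would escape base_dir; the query-field layout is assumed."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        _date, _time, src, _method, stem, query, _status = parts[:7]
        if not stem.lower().endswith(handler.lower()) or query == "-":
            continue
        for fp in parse_qs(query, keep_blank_values=True).get("filePath", []):
            if not is_contained(base_dir, fp):
                flagged.append((src, fp))
    return flagged
```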