Primary

Context

feng_ha_ha MegaGao SSM-ERP and Production_SSM Path Traversal Vulnerability in Picture Deletion Function

Vulnerability

A path traversal vulnerability has been identified in the 'production_ssm' system, specifically within the 'pictureDelete' function of 'PictureController.java'. This issue affects versions of the software prior to the commit 4288d53bd35757b27f2d070057aefb2c07bdd097. The vulnerability arises because the system fails to properly sanitize directory traversal characters in file path inputs, allowing remote attackers to manipulate the 'picName' parameter and delete arbitrary files. The vulnerability has been publicly disclosed and is exploitable.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion on the server.

Reproduction

To reproduce this vulnerability, send a POST request to the '/pic/delete' endpoint with a 'picName' parameter that includes directory traversal sequences, such as '..\..\..\123.txt'. The server will interpret the traversal characters, allowing the deletion of files outside the intended directory.

Added: Feb 21, 2026, 8:19 AM

Updated: Feb 21, 2026, 8:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

6.2

remediation

0.0

relevance

3.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

6.2

remediation

0.0

relevance

3.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

feng_ha_ha MegaGao SSM-ERP and Production_SSM Path Traversal Vulnerability in Picture Deletion Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating