Roothub is a forum system developed using SSM and MySQL. Version 2.6.0 of Roothub contains a directory traversal vulnerability that stems from a failure to properly filter resource or file paths in the function store in the file cn/roothub/store/FileSystemStorageService. A remote attacker with low privileges can exploit this vulnerability to upload files arbitrarily via the /common/upload API, which can lead to remote execution of arbitrary code.

CPE

Name | Operator | Version
---|---|---
roothub roothub | eq | 2.6.0
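
A path-containment check of the kind this class of bug calls for in a file-storage routine, as an added example (not Roothub's code and not a patch from the project). The class name `SafeUploadStore`, the parameters `clientFilename` and `subDir`, and the image-only extension allowlist are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

// Hypothetical class for illustration; not Roothub's FileSystemStorageService.
public class SafeUploadStore {
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif"); // assumed policy
    private final Path root;

    public SafeUploadStore(Path root) {
        this.root = root.toAbsolutePath().normalize();
    }

    // Resolve a request-supplied relative path and refuse anything outside root.
    // Path.startsWith compares whole path elements; normalize() is lexical (no symlink resolution).
    Path resolveInsideRoot(String relative) {
        Path target = root.resolve(relative).normalize();
        if (!target.startsWith(root)) {
            throw new SecurityException("path escapes upload root: " + relative);
        }
        return target;
    }

    public Path store(InputStream data, String clientFilename, String subDir) throws IOException {
        // The client's file name contributes only an extension, checked against the allowlist.
        int dot = clientFilename.lastIndexOf('.');
        String ext = dot < 0 ? "" : clientFilename.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new SecurityException("extension not allowed: " + ext);
        }
        Path dir = resolveInsideRoot(subDir);
        Files.createDirectories(dir);
        Path target = dir.resolve(UUID.randomUUID() + "." + ext); // server-chosen name
        Files.copy(data, target); // fails rather than overwriting an existing file
        return target;
    }

    public static void main(String[] args) throws IOException {
        SafeUploadStore s = new SafeUploadStore(Files.createTempDirectory("uploads"));
        System.out.println(s.store(new ByteArrayInputStream(new byte[] {1}), "avatar.PNG", "user/42"));
        for (String bad : new String[] {"../outside", "user/../../outside"}) { // constructed inputs
            try { s.resolveInsideRoot(bad); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

Keeping the upload root outside any directory the application server executes or serves scripts from limits what a stored file can do even if a check like this is bypassed.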