CVE-2018-20094: XXL-CONF Path Traversal vulnerability
7.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.59299%
CWE
Published
12/19/2018
Updated
9/11/2023
KEV Status
No
Technology
Java
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
com.xuxueli:xxl-conf-admin | maven | <= 1.6.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two key points: 1) ConfController.java
's find()
method accepts user-controlled 'keys' parameter via HTTP request and passes it to downstream processing without path normalization. 2) PropUtil.java
's loadFileProp()
method uses these keys directly in file path construction (new File()
) without validation. The combination allows attackers to inject '../' sequences to escape the intended configuration directory. Both functions are explicitly referenced in vulnerability reports and the code structure matches the described exploit flow.