Key Information Vulnerability Description Vulnerability Type: Arbitrary File Deletion Vulnerability Affected System: production_ssm Vulnerability Analysis 1. The system does not filter directory traversal characters when checking file paths, allowing attackers to traverse directories using the “..\” operator and delete arbitrary files. 2. The vulnerability can be triggered by passing the parameter . Vulnerability Reproduction Request Response Vulnerability Location FileController.java: Improper handling of directory traversal characters in file names. FileServiceImpl.java: Only extracts path components using , ignores , leading to path tampering. FileUtil.java: No strict validation of file names before deletion; directly uses the input file name for file operations.