Key vulnerability information

Title: https://github.com/megagao/production_ssm production_ssm v1.0 Arbitrary file deletion vulnerability
Description: The production_ssm system contains an arbitrary file deletion vulnerability. The /pic/delete interface of the production_ssm system does not filter directory traversal characters when detecting file paths, allowing attackers to traverse paths and delete arbitrary files using the "..\" operator.
Source: https://github.com/megagao/production_ssm/issues/38
User: jszdk (UID 95030)
Submission Date: 02/09/2026 09:31 AM (12 days ago)
Moderation Date: 02/20/2026 03:17 PM (11 days later)
Status: Accepted
VulDB Entry: 347103 [feng_ha_ha/megagao ssm-erp/production_ssm up to 6288d53bd35757b27f2d070057aefb2c07bdd097 PictureController.java pictureDelete picName path traversal]
Points: 19
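
The missing check on the picName parameter, sketched as an added example (not code from production_ssm or from the report): the name is validated and the resolved path confirmed to stay inside the upload directory before anything is deleted. The class and method names are hypothetical, and the sketch assumes pictures are stored flat in a single upload directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.Path;

public class SafePictureDelete {  // hypothetical name, not the project's class

    // Resolve a client-supplied file name under baseDir, or throw if it is not
    // a plain file name that stays directly inside that directory.
    static Path resolveInside(Path baseDir, String picName) {
        // Reject both separator styles: "\" is a separator on Windows only,
        // so a check for "/" alone would miss "..\" there.
        if (picName == null || picName.isEmpty()
                || picName.indexOf('/') >= 0 || picName.indexOf('\\') >= 0
                || picName.indexOf('\0') >= 0
                || picName.equals(".") || picName.equals("..")) {
            throw new IllegalArgumentException("invalid picture name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(picName).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("invalid picture name", e);
        }
        // Defence in depth: the normalized target must be a direct child of base.
        if (!base.equals(target.getParent())) {
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    static boolean deletePicture(Path baseDir, String picName) throws IOException {
        Path target = resolveInside(baseDir, picName);
        // Only regular files are deleted; symlinks and directories are refused.
        if (!Files.isRegularFile(target, LinkOption.NOFOLLOW_LINKS)) {
            return false;
        }
        return Files.deleteIfExists(target);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary upload directory with one picture.
        Path base = Files.createTempDirectory("upload");
        Files.createFile(base.resolve("a.jpg"));
        String[] names = {"a.jpg", "..\\other.txt", "../other.txt", ".."};
        for (String n : names) {
            try {
                System.out.println(n + " -> deleted=" + deletePicture(base, n));
            } catch (IllegalArgumentException e) {
                System.out.println(n + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```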