CVE-2026-3187

Name of the Vulnerable Software and Affected Versions feiyuchuixue sz-boot-parent versions up to 1.3.2-beta

Description A flaw exists in feiyuchuixue sz-boot-parent that allows for unrestricted file uploads. This issue is related to the functionality of the /api/admin/sys-file/upload API endpoint. The attack can be initiated remotely and an exploit is publicly available. The project developers addressed the issue by implementing a whitelist restriction on the /api/admin/sys-file/upload endpoint using the oss.allowedExts and oss.allowedMimeTypes configuration options, which allow specifying permitted file extensions and MIME types for uploads.

Recommendations Upgrade to version 1.3.3-beta.