Coiledmag4

#46129 of 53,630
5.5 Total CVSS
Vulnerabilities · 1
PT-2025-35218
5.5
2025-08-29
Yeqifu · Yeqifu Carrental · CVE-2025-9650
**Name of the Vulnerable Software and Affected Versions**

yeqifu carRental versions prior to 3fabb7eae93d209426638863980301d6f99866b3

**Description**

A path traversal issue exists in the `removeFileByPath` function within the `src/main/java/com/yeqifu/sys/utils/AppFileUtils.java` file. The manipulation of the `carimg` argument allows for path traversal, and the issue is remotely exploitable. The exploit has been publicly disclosed.

**Recommendations**

Update yeqifu carRental to a version prior to 3fabb7eae93d209426638863980301d6f99866b3. As a temporary workaround, consider restricting access to the `removeFileByPath` function until a patch is available.