Name of the Vulnerable Software and Affected Versions:
yeqifu carRental versions prior to 3fabb7eae93d209426638863980301d6f99866b3
Description:
A path traversal issue exists in the `removeFileByPath` function within the `src/main/java/com/yeqifu/sys/utils/AppFileUtils.java` file. The manipulation of the `carimg` argument allows for path traversal, and the issue is remotely exploitable. The exploit has been publicly disclosed.
Recommendations:
Update yeqifu carRental to a version prior to 3fabb7eae93d209426638863980301d6f99866b3.
As a temporary workaround, consider restricting access to the `removeFileByPath` function until a patch is available.
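A containment check of the kind that stops a traversal through a file-deletion helper, shown as an added example (not the project's code or its patch). The class, the method name `removeInsideRoot`, and the sandbox layout are hypothetical, and `carimg` is assumed to be a caller-supplied path relative to an upload root.

```java
import java.io.IOException;
import java.nio.file.*;

public class SafeRemoveExample {
    /** Deletes carimg only if it resolves to a regular file inside root (hypothetical helper). */
    static boolean removeInsideRoot(Path root, String carimg) throws IOException {
        if (carimg == null || carimg.isEmpty() || carimg.indexOf('\0') >= 0) return false;
        Path base = root.toRealPath();                   // canonical root, symlinks resolved
        Path target;
        try {
            target = base.resolve(carimg).normalize();   // collapses "../" segments
        } catch (InvalidPathException e) {
            return false;                                // reject names the platform cannot parse
        }
        // Element-wise prefix check: rejects escapes, absolute paths and the root itself.
        if (!target.startsWith(base) || target.equals(base)) return false;
        // Refuse symlinks and directories as the final component.
        if (!Files.isRegularFile(target, LinkOption.NOFOLLOW_LINKS)) return false;
        // Re-check after resolving symlinked parent directories.
        if (!target.toRealPath().startsWith(base)) return false;
        return Files.deleteIfExists(target);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: an upload root with one image, plus a file outside it.
        Path tmp = Files.createTempDirectory("carrental-demo");
        Path root = Files.createDirectory(tmp.resolve("upload"));
        Files.createDirectories(root.resolve("2024"));
        Files.createFile(root.resolve("2024").resolve("car.jpg"));
        Path outside = Files.createFile(tmp.resolve("outside.txt"));

        String[] inputs = {
            "2024/car.jpg",              // legitimate relative path
            "../outside.txt",            // direct escape
            "2024/../../outside.txt",    // escape hidden behind a valid prefix
            outside.toString()           // absolute path
        };
        for (String in : inputs) {
            System.out.println(in + " -> deleted=" + removeInsideRoot(root, in));
        }
        System.out.println("outside file still exists: " + Files.exists(outside));
    }
}
```

`Path.startsWith` compares whole path elements, so a sibling directory whose name merely begins with the root's name does not pass the check the way a string prefix comparison would.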