| عنوان | newbee-mall V1.0 Unrestricted Upload |
|---|
| الوصف | There are arbitrary file uploads in the ltd/newbee/all/controller/common/uploadController. java file of the software newbee all. The code does not restrict the file upload suffix. Although the backend will verify whether it is an image, it can be bypassed by concatenating the content to be parsed after the binary data of the uploaded image, thus enabling arbitrary file upload. Although the uploaded file name becomes random, it will still return the uploaded file name, so it can be utilized. |
|---|
| المصدر | ⚠️ https://github.com/yaklang/IRifyScanResult/blob/main/newbee-mall/arbitrary-file-upload-in-uploadController.md |
|---|
| المستخدم | 1098024193 (UID 45260) |
|---|
| ارسال | 21/04/2025 05:51 AM (1 سنة منذ) |
|---|
| الاعتدال | 04/05/2025 09:05 AM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 307363 [newbee-mall 1.0 UploadController.java upload ملف تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|