Submission #628098: linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)

Title: linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)
Description: The endpoint /admin/storage/create allows an attacker to upload arbitrary types of file without a sanitizer, which leads to Stored XSS, even RCE.
Source: ⚠️ https://github.com/linlinjava/litemall/issues/565
User: ZAST.AI (UID 87884)
Submission: 04/08/2025 09:17 AM (9 months ago)
Moderation: 13/08/2025 06:10 PM (9 days later)
Status: Accepted
VulDB entry: 319960 [linlinjava litemall up to 1.8.0 Endpoint AdminStorageController.java create file privilege escalation]
Points: 15
