إرسال #633593: xuhuisheng lemon 1.13.0 Unrestricted Uploadالمعلومات

عنوانxuhuisheng lemon 1.13.0 Unrestricted Upload
الوصفLemon-OAcms system has a file upload vulnerability 1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload 2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload 3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type. 4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully 5.Repair suggestion: Use whitelist to limit file upload types
المصدر⚠️ https://github.com/xuhuisheng/lemon/issues/212
المستخدم
 mcc666 (UID 88988)
ارسال13/08/2025 10:50 AM (11 أشهر منذ)
الاعتدال24/08/2025 07:02 PM (11 days later)
الحالةتمت الموافقة
إدخال VulDB321242 [xuhuisheng lemon حتى 1.13.0 CmsArticleController.java uploadImage تحميل تجاوز الصلاحيات]
النقاط20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!