| عنوان | lsFusion 6.1 Arbitrary File Upload |
|---|
| الوصف | Accessing the /uploadFile API invokes the handleRequest method in UploadFileRequestHandler. This method accepts an unvalidated sid parameter, which is directly appended to FileUtils.APP_UPLOAD_FOLDER_PATH. Additionally, there are no restrictions on the uploaded filename. When combined with directory traversal, this allows an attacker to upload JSP files to a web-accessible directory, leading to client-side file upload–based remote code execution (RCE). |
|---|
| المصدر | ⚠️ https://github.com/lsfusion/platform/issues/1544 |
|---|
| المستخدم | R1ckyZ (UID 92331) |
|---|
| ارسال | 05/11/2025 08:01 AM (6 أشهر منذ) |
|---|
| الاعتدال | 16/11/2025 12:00 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 332597 [lsfusion platform حتى 6.1 UploadFileRequestHandler.java UploadFileRequestHandler sid اجتياز الدليل] |
|---|
| النقاط | 20 |
|---|