| Titel | wander-chu SpringBoot-Blog 1.0 arbitrary file uploads |
|---|
| Beschreibung | The upload method in src/main/java/com/my/blog/website/controller/admin/AttachtController.java does not restrict the uploaded files, and can directly upload JSP and HTML Trojan files |
|---|
| Quelle | ⚠️ https://github.com/wander-chu/SpringBoot-Blog/issues/6 |
|---|
| Benutzer | LVZC2 (UID 76821) |
|---|
| Einreichung | 28.12.2024 10:13 (vor 1 Jahr) |
|---|
| Moderieren | 08.01.2025 15:51 (11 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 290794 [wander-chu SpringBoot-Blog 1.0 Admin Attachment AttachtController.java upload Datei erweiterte Rechte] |
|---|
| Punkte | 15 |
|---|