Submit #633593: xuhuisheng lemon 1.13.0 Unrestricted Uploadinfo

Titelxuhuisheng lemon 1.13.0 Unrestricted Upload
BeschreibungLemon-OAcms system has a file upload vulnerability 1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload 2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload 3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type. 4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully 5.Repair suggestion: Use whitelist to limit file upload types
Quelle⚠️ https://github.com/xuhuisheng/lemon/issues/212
Benutzer
 mcc666 (UID 88988)
Einreichung13.08.2025 10:50 (vor 11 Monaten)
Moderieren24.08.2025 19:02 (11 days later)
StatusAkzeptiert
VulDB Eintrag321242 [xuhuisheng lemon bis 1.13.0 CmsArticleController.java uploadImage Hochladen erweiterte Rechte]
Punkte20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!