Submit #427005: Guns-Medical 1.0 Arbitrary File Upload

Title: Guns-Medical 1.0 Arbitrary File Upload
Description: There is no validation on file types, allowing attackers to upload malicious files. By directly saving the original file extension using ToolUtil.getFileSuffix(picture.getOriginalFilename()), it is possible to upload a malicious HTML file that triggers XSS when accessed.
Source: ⚠️ https://github.com/Poco-z/Guns-Medical/issues/15
User: susu199 (UID 76394)
Submission: 2024-10-20 05:03 (2 years ago)
Moderation: 2024-10-26 09:29 (6 days later)
Status: Accepted
VulDB entry: 281941 [Poco-z Guns-Medical 1.0 File Upload /mgr/upload picture cross-site scripting]
Points: 18
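
The missing check from the description, sketched as an added example that is not code from Guns-Medical or from the submission: the extension is matched against an allowlist, the leading bytes must agree with it, and the stored name is generated server-side. The class name, method names, allowlist and storage directory are assumptions made for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;

/** Hypothetical helper (not from Guns-Medical): validates an uploaded picture before storing it. */
public final class PictureUploadGuard {
    // Allowlisted extensions and the leading bytes each format must start with.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif", new byte[] {'G', 'I', 'F', '8'});

    /** Returns a server-generated name, or throws if the upload is not an allowed image. */
    public static String safeName(String originalFilename, byte[] head) {
        String name = originalFilename == null ? "" : originalFilename;
        int dot = name.lastIndexOf('.');
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (ext.equals("jpeg")) ext = "jpg";
        byte[] magic = MAGIC.get(ext);
        if (magic == null)
            throw new IllegalArgumentException("extension not allowed: '" + ext + "'");
        if (head.length < magic.length || !Arrays.equals(Arrays.copyOf(head, magic.length), magic))
            throw new IllegalArgumentException("content is not a ." + ext + " image");
        return UUID.randomUUID() + "." + ext; // no client-supplied text in the stored name
    }

    /** Sniffs the first bytes, then streams the whole upload into uploadDir. */
    public static Path store(String originalFilename, InputStream in, Path uploadDir) throws IOException {
        byte[] head = in.readNBytes(8);
        Path target = uploadDir.resolve(safeName(originalFilename, head));
        try (InputStream all = new SequenceInputStream(new ByteArrayInputStream(head), in)) {
            Files.copy(all, target); // fails rather than overwriting an existing file
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample uploads: file name plus content.
        byte[] html = "<html><body>hello</body></html>".getBytes();
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0};
        Object[][] uploads = {{"x.html", html}, {"x.png", html}, {"x.PNG", png}};
        Path dir = Files.createTempDirectory("uploads");
        for (Object[] u : uploads) {
            try {
                System.out.println(u[0] + " -> " + store((String) u[0], new ByteArrayInputStream((byte[]) u[1]), dir));
            } catch (IllegalArgumentException e) {
                System.out.println(u[0] + " rejected: " + e.getMessage());
            }
        }
    }
}
```

Extension and magic-byte checks do not rule out polyglot files, so stored uploads should also be served with a fixed image Content-Type and `X-Content-Type-Options: nosniff`.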
