Submit #628098: linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)

Title: linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)
Description: The endpoint /admin/storage/create allows an attacker to upload arbitrary types of files without a sanitizer, which leads to Stored XSS, even RCE.
Source: https://github.com/linlinjava/litemall/issues/565
User: ZAST.AI (UID 87884)
Submission: 2025-08-04 09:17 (9 months ago)
Moderation: 2025-08-13 18:10 (9 days later)
Status: Accepted
VulDB entry: 319960 [linlinjava litemall up to 1.8.0 Endpoint AdminStorageController.java create File privilege escalation]
Points: 15