| Título | Harvard University Dataverse Project 6.8 build 1994-92d1ec8 Unrestricted Upload |
|---|
| Descripción | Description
A Critical vulnerability exists in the DataVerse theme customization feature. The application fails to properly validate file uploads on the server side. While the client-side interface restricts uploads to .jpg or .png extensions, this control is easily bypassed by intercepting the HTTP request and modifying the filename and content.
Impact
Successful exploitation allows an attacker to upload and execute arbitrary Java server pages (JSP). This leads to Remote Code Execution (RCE) under the context of the web server user. |
|---|
| Fuente | ⚠️ https://gist.github.com/KaiqueFerreiraPeres/ba039887d7f894a7c38252314e0ef2cc |
|---|
| Usuario | JustF0rFun (UID 94359) |
|---|
| Sumisión | 2026-01-29 19:28 (hace 2 meses) |
|---|
| Moderación | 2026-04-01 11:17 (2 months later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 354616 [Harvard University IQSS Dataverse hasta 6.8 Theme Customization /ThemeAndWidgets.xhtml uploadLogo escalada de privilegios] |
|---|
| Puntos | 20 |
|---|