Soumettre #633593: xuhuisheng lemon 1.13.0 Unrestricted Uploadinformation

Titrexuhuisheng lemon 1.13.0 Unrestricted Upload
DescriptionLemon-OAcms system has a file upload vulnerability 1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload 2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload 3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type. 4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully 5.Repair suggestion: Use whitelist to limit file upload types
La source⚠️ https://github.com/xuhuisheng/lemon/issues/212
Utilisateur
 mcc666 (UID 88988)
Soumission13/08/2025 10:50 (il y a 11 mois)
Modérer24/08/2025 19:02 (11 days later)
StatutAccepté
Entrée VulDB321242 [xuhuisheng lemon jusqu’à 1.13.0 CmsArticleController.java uploadImage Télécharger élévation de privilèges]
Points20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!