जमा करें #427005: Guns-Medical 1.0 Arbitrary File Uploadजानकारी

शीर्षक	Guns-Medical 1.0 Arbitrary File Upload
विवरण	There is no validation on file types, allowing attackers to upload malicious files. By directly saving the original file extension using ToolUtil.getFileSuffix(picture.getOriginalFilename()), it is possible to upload a malicious HTML file that triggers XSS when accessed.
स्रोत	⚠️ https://github.com/Poco-z/Guns-Medical/issues/15
उपयोगकर्ता	susu199 (UID 76394)
सबमिशन	20/10/2024 05:03 AM (2 साल पहले)
संयम	26/10/2024 09:29 AM (6 days later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	281941 [Poco-z Guns-Medical 1.0 File Upload /mgr/upload picture क्रॉस साइट स्क्रिप्टिंग]
अंक	18

Want to stay up to date on a daily basis?

Enable the mail alert feature now!