| Title | linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434) |
|---|---|
| Description | The endpoint /admin/storage/create allows an attacker to upload arbitrary file types without sanitization, which leads to Stored XSS and even RCE. |
| Source | https://github.com/linlinjava/litemall/issues/565 |
| User | ZAST.AI (UID 87884) |
| Submission | 04/08/2025 09:17 AM (9 months ago) |
| Moderation | 13/08/2025 06:10 PM (9 days later) |
| Status | Accepted |
| VulDB entry | 319960 [linlinjava litemall up to 1.8.0 Endpoint AdminStorageController.java create File privilege escalation] |
| Points | 15 |