| शीर्षक | https://github.com/h-moses/moga-mall moga-mall 1.0 Upload any file |
|---|
| विवरण | The PmsProductController.java interface of moga mall version 1.0 has an arbitrary file upload vulnerability, which allows attackers to exploit /,. The encoding method of./bypasses detection, causing directory traversal, and there is no restriction on file suffix types, resulting in arbitrary file uploads that may lead to getshell and more serious consequences.
This code only segments the target string using '/' and only verifies if the segmented segment is' Or To prevent the risk of path traversal, this protection mechanism has significant flaws. Attackers can bypass detection in various ways, triggering directory traversal vulnerabilities and ultimately leading to high-risk security consequences such as directory traversal and arbitrary file uploads |
|---|
| स्रोत | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/moga-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
|---|
| उपयोगकर्ता | zyhsec (UID 93418) |
|---|
| सबमिशन | 23/12/2025 01:27 PM (4 महीनों पहले) |
|---|
| संयम | 27/12/2025 02:59 PM (4 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 338529 [h-moses moga-mall तक 392d631a5ef15962a9bddeeb9f1269b9085473fa PmsProductController.java addProduct objectName अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|