जमा करें #766386: Tiandy video surveillance system 7.17.0 Unrestricted Upload of File with Dangerous Typeजानकारी

शीर्षकTiandy video surveillance system 7.17.0 Unrestricted Upload of File with Dangerous Type
विवरणSince there is no validation of the file extension, attackers can upload files of any type (e.g., .jsp, .jspx, .exe, .sh, etc.). If the directory pointed to by CLS_Easy7_Types.file_pathis directly accessible via the web (e.g., under Tomcat's webappsdirectory) and the server configuration allows the execution of such scripts, an attacker could upload a webshell (such as a malicious JSP file) and directly access and execute the malicious code via a URL. This may lead to Remote Code Execution (RCE).
स्रोत⚠️ https://my.feishu.cn/docx/P3Bgdl9BHocn66xCMpCcgCD7nhe?from=from_copylink
उपयोगकर्ता
 Anonymous User
सबमिशन24/02/2026 09:33 AM (5 महीनों पहले)
संयम08/03/2026 12:23 PM (12 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि349764 [Tiandy Video Surveillance System 视频监控平台 7.17.0 CLS_REST_File.java uploadFile fileName अधिकार वृद्धि]
अंक20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!