提出 #633593: xuhuisheng lemon 1.13.0 Unrestricted Upload情報

タイトルxuhuisheng lemon 1.13.0 Unrestricted Upload
説明Lemon-OAcms system has a file upload vulnerability 1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload 2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload 3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type. 4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully 5.Repair suggestion: Use whitelist to limit file upload types
ソース⚠️ https://github.com/xuhuisheng/lemon/issues/212
ユーザー
 mcc666 (UID 88988)
送信2025年08月13日 10:50 (11 月 ago)
モデレーション2025年08月24日 19:02 (11 days later)
ステータス承諾済み
VulDBエントリ321242 [xuhuisheng lemon 迄 1.13.0 CmsArticleController.java uploadImage アップロード 特権昇格]
ポイント20

Might our Artificial Intelligence support you?

Check our Alexa App!