Submission #427005: Guns-Medical 1.0 Arbitrary File Upload (info)

Title: Guns-Medical 1.0 Arbitrary File Upload
Description: There is no validation on file types, allowing attackers to upload malicious files. By directly saving the original file extension using ToolUtil.getFileSuffix(picture.getOriginalFilename()), it is possible to upload a malicious HTML file that triggers XSS when accessed.
Source: https://github.com/Poco-z/Guns-Medical/issues/15
User: susu199 (UID 76394)
Submission: 2024-10-20 05:03 AM (2 years ago)
Moderation: 2024-10-26 09:29 AM (6 days later)
Status: Accepted
VulDB entry: 281941 [Poco-z Guns-Medical 1.0 File Upload /mgr/upload picture cross site scripting]
Points: 18
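
The description above reports that the stored file keeps whatever suffix the client sent. The following is an added example of the corresponding server-side check; it is not Guns-Medical's code. The class `PictureUploadCheck`, the method `storedName`, and the png/jpg/jpeg/gif allowlist are assumptions made for illustration (Java 9 or later).

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;

// Hypothetical helper (not from Guns-Medical): derives the stored name of an
// uploaded picture from an allowlist instead of trusting the client's suffix.
public class PictureUploadCheck {

    // Allowed suffix -> magic bytes the file content must start with.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png",  new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "jpg",  new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif",  new byte[] {'G', 'I', 'F', '8'});

    static String storedName(String originalFilename, byte[] content) {
        if (originalFilename == null || content == null)
            throw new IllegalArgumentException("missing filename or content");
        // Only the last suffix counts, so "a.png.html" is judged as "html".
        int dot = originalFilename.lastIndexOf('.');
        String suffix = dot < 0 ? "" : originalFilename.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(suffix);
        if (magic == null)
            throw new IllegalArgumentException("suffix not allowed: '" + suffix + "'");
        if (content.length < magic.length)
            throw new IllegalArgumentException("content too short for ." + suffix);
        for (int i = 0; i < magic.length; i++)
            if (content[i] != magic[i])
                throw new IllegalArgumentException("content does not match ." + suffix);
        // Server-generated base name; only the validated suffix is reused.
        return UUID.randomUUID() + "." + suffix;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
        byte[] html = "<html><body>hi</body></html>".getBytes(StandardCharsets.US_ASCII);
        Object[][] cases = {{"avatar.PNG", png}, {"page.html", html},
                            {"fake.png", html}, {"a.png.html", png}};
        for (Object[] c : cases) {
            try {
                System.out.println(c[0] + " -> stored as " + storedName((String) c[0], (byte[]) c[1]));
            } catch (IllegalArgumentException e) {
                System.out.println(c[0] + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Of the four constructed inputs, only `avatar.PNG` is accepted. Serving stored uploads with a fixed image `Content-Type` and `X-Content-Type-Options: nosniff` further limits how a browser interprets them.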
