| 제목 | newbee-mall V1.0 Unrestricted Upload |
|---|
| 설명 | There are arbitrary file uploads in the ltd/newbee/all/controller/common/uploadController. java file of the software newbee all. The code does not restrict the file upload suffix. Although the backend will verify whether it is an image, it can be bypassed by concatenating the content to be parsed after the binary data of the uploaded image, thus enabling arbitrary file upload. Although the uploaded file name becomes random, it will still return the uploaded file name, so it can be utilized. |
|---|
| 원천 | ⚠️ https://github.com/yaklang/IRifyScanResult/blob/main/newbee-mall/arbitrary-file-upload-in-uploadController.md |
|---|
| 사용자 | 1098024193 (UID 45260) |
|---|
| 제출 | 2025. 04. 21. AM 05:51 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 05. 04. AM 09:05 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 307363 [newbee-mall 1.0 UploadController.java upload 파일 권한 상승] |
|---|
| 포인트들 | 20 |
|---|