Submission #628098: linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434) Info

Title: linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)
Description: The endpoint /admin/storage/create allows an attacker to upload arbitrary types of files without a sanitizer, which leads to Stored XSS, even RCE.
Source: ⚠️ https://github.com/linlinjava/litemall/issues/565
User: ZAST.AI (UID 87884)
Submitted: 2025. 08. 04. AM 09:17 (9 months ago)
Moderation: 2025. 08. 13. PM 06:10 (9 days later)
Status: Accepted
VulDB entry: 319960 [linlinjava litemall up to 1.8.0 Endpoint AdminStorageController.java create File privilege escalation]
Points: 15
