제출 #633593: xuhuisheng lemon 1.13.0 Unrestricted Upload정보

제목xuhuisheng lemon 1.13.0 Unrestricted Upload
설명Lemon-OAcms system has a file upload vulnerability 1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload 2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload 3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type. 4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully 5.Repair suggestion: Use whitelist to limit file upload types
원천⚠️ https://github.com/xuhuisheng/lemon/issues/212
사용자
 mcc666 (UID 88988)
제출2025. 08. 13. AM 10:50 (11 개월 ago)
모더레이션2025. 08. 24. PM 07:02 (11 days later)
상태수락
VulDB 항목321242 [xuhuisheng lemon 까지 1.13.0 CmsArticleController.java uploadImage 업로드 권한 상승]
포인트들20

Might our Artificial Intelligence support you?

Check our Alexa App!