| 제목 | lsFusion 6.1 Arbitrary File Upload |
|---|
| 설명 | Accessing the /uploadFile API invokes the handleRequest method in UploadFileRequestHandler. This method accepts an unvalidated sid parameter, which is directly appended to FileUtils.APP_UPLOAD_FOLDER_PATH. Additionally, there are no restrictions on the uploaded filename. When combined with directory traversal, this allows an attacker to upload JSP files to a web-accessible directory, leading to client-side file upload–based remote code execution (RCE). |
|---|
| 원천 | ⚠️ https://github.com/lsfusion/platform/issues/1544 |
|---|
| 사용자 | R1ckyZ (UID 92331) |
|---|
| 제출 | 2025. 11. 05. AM 08:01 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 11. 16. PM 12:00 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 332597 [lsfusion platform 까지 6.1 UploadFileRequestHandler.java UploadFileRequestHandler sid 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|