| 제목 | https://github.com/h-moses/moga-mall moga-mall 1.0 Upload any file |
|---|
| 설명 | The PmsProductController.java interface of moga mall version 1.0 has an arbitrary file upload vulnerability, which allows attackers to exploit /,. The encoding method of./bypasses detection, causing directory traversal, and there is no restriction on file suffix types, resulting in arbitrary file uploads that may lead to getshell and more serious consequences.
This code only segments the target string using '/' and only verifies if the segmented segment is' Or To prevent the risk of path traversal, this protection mechanism has significant flaws. Attackers can bypass detection in various ways, triggering directory traversal vulnerabilities and ultimately leading to high-risk security consequences such as directory traversal and arbitrary file uploads |
|---|
| 원천 | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/moga-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
|---|
| 사용자 | zyhsec (UID 93418) |
|---|
| 제출 | 2025. 12. 23. PM 01:27 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 27. PM 02:59 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338529 [h-moses moga-mall 까지 392d631a5ef15962a9bddeeb9f1269b9085473fa PmsProductController.java addProduct objectName 권한 상승] |
|---|
| 포인트들 | 20 |
|---|