| Título | Guns-Medical 1.0 Arbitrary File Upload |
|---|
| Descrição | There is no validation on file types, allowing attackers to upload malicious files. By directly saving the original file extension using ToolUtil.getFileSuffix(picture.getOriginalFilename()), it is possible to upload a malicious HTML file that triggers XSS when accessed. |
|---|
| Fonte | ⚠️ https://github.com/Poco-z/Guns-Medical/issues/15 |
|---|
| Utilizador | susu199 (UID 76394) |
|---|
| Submissão | 20/10/2024 05h03 (há 2 anos) |
|---|
| Moderação | 26/10/2024 09h29 (6 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 281941 [Poco-z Guns-Medical 1.0 File Upload /mgr/upload picture Script de Site Cruzado] |
|---|
| Pontos | 18 |
|---|