Submission #623100: zlt2000 https://github.com/zlt2000/microservices-platform <=6.0.0 Unrestricted Upload of File with Dangerous Type (CWE-434)

Title: zlt2000 https://github.com/zlt2000/microservices-platform <=6.0.0 Unrestricted Upload of File with Dangerous Type (CWE-434)
Description: In the latest version 6.0.0, the endpoint /api-user/users/file-anon (file-center service) does not perform any security processing on uploaded files, allowing attackers to upload malicious code to the S3 server. Common attack methods include uploading HTML or PDF files containing malicious JavaScript code to launch XSS or phishing attacks against users.
Source: https://github.com/zlt2000/microservices-platform/issues/77
User: ZAST.AI (UID 87884)
Submission: 26/07/2025 03:53 (9 months ago)
Moderation: 10/08/2025 13:32 (15 days later)
Status: Accepted
VulDB entry: 319375 [zlt2000 microservices-platform up to 6.0.0 FileController.java upload privilege escalation]
Points: 18
