Submeter #633593: xuhuisheng lemon 1.13.0 Unrestricted Uploadinformação

Títuloxuhuisheng lemon 1.13.0 Unrestricted Upload
DescriçãoLemon-OAcms system has a file upload vulnerability 1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload 2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload 3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type. 4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully 5.Repair suggestion: Use whitelist to limit file upload types
Fonte⚠️ https://github.com/xuhuisheng/lemon/issues/212
Utilizador
 mcc666 (UID 88988)
Submissão13/08/2025 10h50 (há 11 meses)
Moderação24/08/2025 19h02 (11 days later)
EstadoAceite
Entrada VulDB321242 [xuhuisheng lemon até 1.13.0 CmsArticleController.java uploadImage Carregar Elevação de Privilégios]
Pontos20

Do you know our Splunk app?

Download it now for free!