| Название | Guns-Medical 1.0 Arbitrary File Upload |
|---|
| Описание | There is no validation on file types, allowing attackers to upload malicious files. By directly saving the original file extension using ToolUtil.getFileSuffix(picture.getOriginalFilename()), it is possible to upload a malicious HTML file that triggers XSS when accessed. |
|---|
| Источник | ⚠️ https://github.com/Poco-z/Guns-Medical/issues/15 |
|---|
| Пользователь | susu199 (UID 76394) |
|---|
| Представление | 20.10.2024 05:03 (2 лет назад) |
|---|
| Модерация | 26.10.2024 09:29 (6 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 281941 [Poco-z Guns-Medical 1.0 File Upload /mgr/upload picture межсайтовый скриптинг] |
|---|
| Баллы | 18 |
|---|