Отправить #633593: xuhuisheng lemon 1.13.0 Unrestricted UploadИнформация

Названиеxuhuisheng lemon 1.13.0 Unrestricted Upload
ОписаниеLemon-OAcms system has a file upload vulnerability 1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload 2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload 3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type. 4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully 5.Repair suggestion: Use whitelist to limit file upload types
Источник⚠️ https://github.com/xuhuisheng/lemon/issues/212
Пользователь
 mcc666 (UID 88988)
Представление13.08.2025 10:50 (11 месяцы назад)
Модерация24.08.2025 19:02 (11 days later)
Статуспринято
Запись VulDB321242 [xuhuisheng lemon до 1.13.0 CmsArticleController.java uploadImage Загрузить эскалация привилегий]
Баллы20

Might our Artificial Intelligence support you?

Check our Alexa App!