| Название | https://github.com/h-moses/moga-mall moga-mall 1.0 Upload any file |
|---|
| Описание | The PmsProductController.java interface of moga mall version 1.0 has an arbitrary file upload vulnerability, which allows attackers to exploit /,. The encoding method of./bypasses detection, causing directory traversal, and there is no restriction on file suffix types, resulting in arbitrary file uploads that may lead to getshell and more serious consequences.
This code only segments the target string using '/' and only verifies if the segmented segment is' Or To prevent the risk of path traversal, this protection mechanism has significant flaws. Attackers can bypass detection in various ways, triggering directory traversal vulnerabilities and ultimately leading to high-risk security consequences such as directory traversal and arbitrary file uploads |
|---|
| Источник | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/moga-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
|---|
| Пользователь | zyhsec (UID 93418) |
|---|
| Представление | 23.12.2025 13:27 (4 месяцы назад) |
|---|
| Модерация | 27.12.2025 14:59 (4 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 338529 [h-moses moga-mall до 392d631a5ef15962a9bddeeb9f1269b9085473fa PmsProductController.java addProduct objectName эскалация привилегий] |
|---|
| Баллы | 20 |
|---|