| Title | enilu web-flash 1.0 Arbitrary File Upload |
|---|
| Description | In src/main/java/cn/enilu/flash/api/controller/FileController/upload,the code here does not check the legality of the file suffix uploaded,which caused unexpected files to be uploaded |
|---|
| Source | ⚠️ https://gitee.com/enilu/web-flash/issues/ICAXTM |
|---|
| User | electroN1c (UID 85481) |
|---|
| Submission | 05/27/2025 12:03 PM (11 months ago) |
|---|
| Moderation | 06/03/2025 11:39 AM (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310959 [enilu web-flash 1.0 File Upload upload fileService.upload cross site scripting] |
|---|
| Points | 15 |
|---|