Submit #628098: linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)info

Titlelinlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)
DescriptionThe endpoint /admin/storage/create allow attacker uploads arbitrary type of file without sanitizer, which leads to Stored XSS, even RCE.
Source⚠️ https://github.com/linlinjava/litemall/issues/565
User
 ZAST.AI (UID 87884)
Submission08/04/2025 09:17 (9 months ago)
Moderation08/13/2025 18:10 (9 days later)
StatusAccepted
VulDB entry319960 [linlinjava litemall up to 1.8.0 Endpoint AdminStorageController.java create File unrestricted upload]
Points15

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!