| Title | sims Latest Unauthorized Arbitrary File Upload Vulnerability |
|---|
| Description | Rawchen/sims has an unauthorized arbitrary file upload vulnerability. This vulnerability is due to the fact that the UploadServlet route of sims-master/src/web/servlet/file/UploadServlet.java does not do permission management, and the file names entered by the user are not strictly filtered, resulting in the attacker to bypass the filtering and deploy backdoors, WebShell and other malicious programs on the server, thus realizing remote code execution, server control, further stealing sensitive data or disrupting the normal operation of the business system. |
|---|
| Source | ⚠️ https://github.com/yingxiujie/cve/issues/1 |
|---|
| User | yingxiujie (UID 96521) |
|---|
| Submission | 04/06/2026 06:55 (22 days ago) |
|---|
| Moderation | 04/25/2026 16:05 (19 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 205147 [Sims 1.0 /uploadServlet unrestricted upload] |
|---|
| Points | 0 |
|---|