| tiêu đề | newbee-mall V1.0 Unrestricted Upload |
|---|
| Mô tả | There are arbitrary file uploads in the ltd/newbee/all/controller/common/uploadController. java file of the software newbee all. The code does not restrict the file upload suffix. Although the backend will verify whether it is an image, it can be bypassed by concatenating the content to be parsed after the binary data of the uploaded image, thus enabling arbitrary file upload. Although the uploaded file name becomes random, it will still return the uploaded file name, so it can be utilized. |
|---|
| Nguồn | ⚠️ https://github.com/yaklang/IRifyScanResult/blob/main/newbee-mall/arbitrary-file-upload-in-uploadController.md |
|---|
| Người dùng | 1098024193 (UID 45260) |
|---|
| Đệ trình | 21/04/2025 05:51 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 04/05/2025 09:05 (13 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 307363 [newbee-mall 1.0 UploadController.java upload Tệp tin nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|