| tiêu đề | xuhuisheng lemon 1.13.0 Unrestricted Upload |
|---|
| Mô tả | Lemon-OAcms system has a file upload vulnerability
1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload
2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload
3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type.
4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully
5.Repair suggestion: Use whitelist to limit file upload types
|
|---|
| Nguồn | ⚠️ https://github.com/xuhuisheng/lemon/issues/212 |
|---|
| Người dùng | mcc666 (UID 88988) |
|---|
| Đệ trình | 13/08/2025 10:50 (cách đây 11 các tháng) |
|---|
| Kiểm duyệt | 24/08/2025 19:02 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 321242 [xuhuisheng lemon đến 1.13.0 CmsArticleController.java uploadImage Tải lên nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|