Submit #716785: https://github.com/newbee-ltd/newbee-mall-plus newbee-mall-plus 2.0.0 Upload any file

Title: https://github.com/newbee-ltd/newbee-mall-plus newbee-mall-plus 2.0.0 Upload any file
Description: The 2.0.0 version of the UploadController.java interface of newbee-mall-plus has an arbitrary file upload vulnerability. Attackers can use the suffixName parameter to change the file suffix after uploading, thereby bypassing the front-end file suffix detection and achieving arbitrary file upload vulnerabilities. This may also lead to getshell, causing more serious consequences. In the upload method, after receiving the file suffix, no processing is performed on the file suffix, which allows attackers to upload any type of file and creates an arbitrary file upload vulnerability.
Source: ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md
User: zyhsec (UID 93418)
Submission: 16/12/2025 15:30 (7 months ago)
Moderation: 30/12/2025 08:35 (14 days later)
Status: Accepted
VulDB entry: 338744 [newbee-mall-plus 2.0.0 Product Information Edit Page UploadController.java upload File privilege escalation]
Points: 20
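
A server-side suffix check of the kind the description says is missing, as an added example that is not newbee-mall-plus code. The class name, method name and allowlist are assumptions; any client-supplied suffix (such as the suffixName parameter named above) would have to pass the same allowlist before it is used in a stored file name.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;

/** Hypothetical helper (not from newbee-mall-plus): chooses the stored name for an upload. */
public final class UploadNamePolicy {

    // Assumed allowlist for a product-image upload; narrow it to what the feature needs.
    private static final Set<String> ALLOWED = Set.of("jpg", "jpeg", "png", "gif");

    private UploadNamePolicy() { }

    /**
     * Returns a server-generated file name when the client-supplied name ends in an
     * allowlisted extension, or empty when the upload must be rejected.
     */
    public static Optional<String> storedNameFor(String clientName) {
        if (clientName == null) {
            return Optional.empty();
        }
        // NUL bytes and path separators have no place in an upload name.
        if (clientName.indexOf('\0') >= 0
                || clientName.contains("/") || clientName.contains("\\")) {
            return Optional.empty();
        }
        int dot = clientName.lastIndexOf('.');
        if (dot < 0 || dot == clientName.length() - 1) {
            return Optional.empty(); // no extension, or a trailing dot
        }
        // Only the final extension counts, so "image.png.jsp" is judged as "jsp".
        String ext = clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) {
            return Optional.empty();
        }
        // Nothing from the client survives except the canonical, allowlisted extension.
        return Optional.of(UUID.randomUUID() + "." + ext);
    }

    public static void main(String[] args) {
        // Constructed sample names, including suffixes a front-end check never sees.
        for (String name : new String[] {"photo.PNG", "shell.jsp", "image.png.jsp",
                                         "noext", "a/b.png", "trailing."}) {
            System.out.println(name + " -> " + storedNameFor(name).orElse("REJECTED"));
        }
    }
}
```

An extension allowlist does not validate file content; storing uploads in a location the servlet container does not execute limits the impact of anything that slips through.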
