Gửi #766386: Tiandy video surveillance system 7.17.0 Unrestricted Upload of File with Dangerous Typethông tin

tiêu đềTiandy video surveillance system 7.17.0 Unrestricted Upload of File with Dangerous Type
Mô tảSince there is no validation of the file extension, attackers can upload files of any type (e.g., .jsp, .jspx, .exe, .sh, etc.). If the directory pointed to by CLS_Easy7_Types.file_pathis directly accessible via the web (e.g., under Tomcat's webappsdirectory) and the server configuration allows the execution of such scripts, an attacker could upload a webshell (such as a malicious JSP file) and directly access and execute the malicious code via a URL. This may lead to Remote Code Execution (RCE).
Nguồn⚠️ https://my.feishu.cn/docx/P3Bgdl9BHocn66xCMpCcgCD7nhe?from=from_copylink
Người dùng
 Anonymous User
Đệ trình24/02/2026 09:33 (cách đây 5 các tháng)
Kiểm duyệt08/03/2026 12:23 (12 days later)
Trạng tháiđược chấp nhận
Mục VulDB349764 [Tiandy Video Surveillance System 视频监控平台 7.17.0 CLS_REST_File.java uploadFile fileName nâng cao đặc quyền]
điểm20

Do you know our Splunk app?

Download it now for free!