提交 #427005: Guns-Medical 1.0 Arbitrary File Upload信息

TitleGuns-Medical 1.0 Arbitrary File Upload
DescriptionThere is no validation on file types, allowing attackers to upload malicious files. By directly saving the original file extension using ToolUtil.getFileSuffix(picture.getOriginalFilename()), it is possible to upload a malicious HTML file that triggers XSS when accessed.
Source⚠️ https://github.com/Poco-z/Guns-Medical/issues/15
User
 susu199 (UID 76394)
Submission2024-10-20 05時03分 (7 月前)
Moderation2024-10-26 09時29分 (6 days later)
Status已接受
VulDB Entry281941 [Poco-z Guns-Medical 1.0 File Upload /mgr/upload picture 跨网站脚本]
Points18

上一步一览下一步

Do you need the next level of professionalism?

Upgrade your account now!