Submission #427005: Guns-Medical 1.0 Arbitrary File Upload info

Title: Guns-Medical 1.0 Arbitrary File Upload
Description: There is no validation on file types, allowing attackers to upload malicious files. By directly saving the original file extension using ToolUtil.getFileSuffix(picture.getOriginalFilename()), it is possible to upload a malicious HTML file that triggers XSS when accessed.
Source: ⚠️ https://github.com/Poco-z/Guns-Medical/issues/15
User: susu199 (UID 76394)
Submitted: 2024-10-20 05:03 (2 years ago)
Moderated: 2024-10-26 09:29 (6 days later)
Status: Accepted
VulDB Entry: 281941 [Poco-z Guns-Medical 1.0 File Upload /mgr/upload picture cross-site scripting]
Points: 18