| 标题 | newbee-mall V1.0 Unrestricted Upload |
|---|
| 描述 | There are arbitrary file uploads in the ltd/newbee/all/controller/common/uploadController. java file of the software newbee all. The code does not restrict the file upload suffix. Although the backend will verify whether it is an image, it can be bypassed by concatenating the content to be parsed after the binary data of the uploaded image, thus enabling arbitrary file upload. Although the uploaded file name becomes random, it will still return the uploaded file name, so it can be utilized. |
|---|
| 来源 | ⚠️ https://github.com/yaklang/IRifyScanResult/blob/main/newbee-mall/arbitrary-file-upload-in-uploadController.md |
|---|
| 用户 | 1098024193 (UID 45260) |
|---|
| 提交 | 2025-04-21 05時51分 (1 年前) |
|---|
| 管理 | 2025-05-04 09時05分 (13 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 307363 [newbee-mall 1.0 UploadController.java upload 文件 权限提升] |
|---|
| 积分 | 20 |
|---|