提交 #628098: linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)信息

标题linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434)
描述The endpoint /admin/storage/create allow attacker uploads arbitrary type of file without sanitizer, which leads to Stored XSS, even RCE.
来源⚠️ https://github.com/linlinjava/litemall/issues/565
用户
 ZAST.AI (UID 87884)
提交2025-08-04 09時17分 (9 月前)
管理2025-08-13 18時10分 (9 days later)
状态已接受
VulDB条目319960 [linlinjava litemall 直到 1.8.0 Endpoint AdminStorageController.java create 文件 权限提升]
积分15

上一步一览下一步

Interested in the pricing of exploits?

See the underground prices here!