128 Star 351 Fork 119

XiaoBingBy / TeaCMS

 / 详情

Vulnerability:found a upload vuln

待办的
创建于  
2023-02-28 19:40

risky path : /admin/upload
risky function: me.teacms.controller.common.UploadImgController#upload
输入图片说明

Because there is no security detection file suffix function, users can upload any file, or even upload it to other working directories
like upload "test.jsp" or "../../../../test.jsp" to traversal Directory .

评论 (0)

Redeem_Hu 创建了任务

登录 后才可以发表评论

状态
负责人
里程碑
Pull Requests
关联的 Pull Requests 被合并后可能会关闭此 issue
分支
开始日期   -   截止日期
-
置顶选项
优先级
参与者(1)
Java
1
https://gitee.com/xiaobingby/TeaCMS.git
git@gitee.com:xiaobingby/TeaCMS.git
xiaobingby
TeaCMS
TeaCMS

搜索帮助