Recently, our team has identified a security vulnerability in the latest version of the project. This vulnerability allows attackers to potentially upload arbitrary files to the server through malicious requests, thereby gaining control over server permissions.
The logic of the vulnerability is present in the following files: com/central/file/controller/FileController.java#upload.
Developers did not check the filename of the uploaded file when using com/central/file/service/impl/FastdfsService.java#uploadFile() to upload the file.
As a result, attackers could exploit this by submitting a malicious filename, such as ../../../pwned.txt, to achieve arbitrary file upload, which poses a threat to server security.
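One way to add the filename check this report says is missing, as an added example (not code from the project or from the reporter). The class `UploadNameValidator`, its methods and the `/srv/uploads` storage root are hypothetical, and the sample filenames are constructed except for the one quoted in the report.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example: hypothetical helper, not part of the project's code base.
public class UploadNameValidator {

    // Reduce a client-supplied filename to a safe leaf name, or throw.
    static String safeLeafName(String original) {
        if (original == null || original.isEmpty() || original.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("missing or malformed filename");
        }
        // Treat both separators as path separators regardless of server OS.
        String leaf = original.replace('\\', '/');
        leaf = leaf.substring(leaf.lastIndexOf('/') + 1);
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IllegalArgumentException("filename has no usable leaf name");
        }
        return leaf;
    }

    // Resolve the leaf under the storage root and confirm it stays inside it.
    static Path resolveInside(Path root, String original) {
        Path base = root.toAbsolutePath().normalize();
        Path target = base.resolve(safeLeafName(original)).normalize();
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IllegalArgumentException("filename escapes storage root");
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Paths.get("/srv/uploads"); // hypothetical storage root
        // Constructed sample inputs; the third is the filename from the report.
        String[] samples = {"report.pdf", "a/b/photo.png", "../../../pwned.txt", "..", "..\\..\\x.jsp"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveInside(root, s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

This version strips directory components and keeps only the leaf name; an upload endpoint can instead reject any filename that contains a separator, and either way the server should generate the stored name itself rather than trust the client's.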