Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MCMS Security Vulnerability
Vulnerability Description
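MCMS is a Java rapid-development platform based on Spring, SpringMVC and Mybatis. A security vulnerability exists in the file com\mingsoft\basic\action\web\FileAction.java in MCMS version 4.6.5; it stems from the upload interface not verifying the user's login status. An attacker can exploit this vulnerability to upload files without authorization.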
CVSS Information
N/A
Vulnerability Type
N/A