Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
h-moses moga-mall PmsProductController.java addProduct unrestricted upload
Vulnerability Description
A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upload. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
moga-mall 代码问题漏洞
Vulnerability Description
moga-mall是h-moses个人开发者的一个基于微服务架构的电商平台。 moga-mall 392d631a5ef15962a9bddeeb9f1269b9085473fa及之前版本存在代码问题漏洞,该漏洞源于文件src/main/java/com/ms/product/controller/PmsProductController.java中函数addProduct对参数objectName的错误操作,可能导致无限制上传。
CVSS Information
N/A
Vulnerability Type
N/A