Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
xuhuisheng lemon CmsArticleController.java uploadImage unrestricted upload
Vulnerability Description
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
lemon 安全漏洞
Vulnerability Description
lemon是Xu Huisheng个人开发者的一个开源OA。 lemon 1.13.0及之前版本存在安全漏洞,该漏洞源于文件CmsArticleController.java中uploadImage函数对Upload参数处理不当,可能导致无限制上传。
CVSS Information
N/A
Vulnerability Type
N/A