Arbitrary file upload vulnerability

[yazi7]

Affected version：<=1.2
Upload a compromised file with the suffix .php

Published successfully

Vulnerable code：

The reason for the vulnerability is that the file suffix is not filtered here

[dvdr00t]

Hello @yazi7, I was reviewing your issue and the related CVE-2022-29001. It appears to me that, while uploading a .php file works fine (as the CVE is indeed an arbitrary file upload vulnerability), the file cannot be executed by the Apache Tomcat/9.0.16 Web Engine, which does not natively support PHP execution (as it requires a third-party plugin or a bridge like Apache Tomcat Connectors).

Can you please provides more insights on the file uploading vulnerability you found?

Thanks in advance.