Unrestricted Upload : com.mossle.cms.web.CmsArticleController.uploadImage

1."com.mossle.cms.web.CmsArticleController.uploadImage" method does not restrict file upload

<img width="1505" height="774" alt="Image" src="https://github.com/user-attachments/assets/b35a0b54-bda8-401f-9384-ef0aff5ea064" />
2.The called method, “com.mossle.client.store.LocalStoreClient.saveStore“, does not restrict file upload

<img width="1429" height="612" alt="Image" src="https://github.com/user-attachments/assets/83da513c-b503-4e46-9672-9b8b9816cbf1" />
3.The called method, “com.mossle.core.store.FileStoreHelper.saveStore“, renames the file but does not restrict the file type.

<img width="1349" height="1181" alt="Image" src="https://github.com/user-attachments/assets/d1f7f834-e63d-42de-8dc5-1dcb4be647f6" />

4.Test the file upload function, the file name is returned, so renaming the file is invalid, the file is uploaded successfully

<img width="2560" height="1245" alt="Image" src="https://github.com/user-attachments/assets/f6118718-7c19-4fe2-8dab-4c22757e725b" />


5.Repair suggestion: Use whitelist to limit file upload types

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Unrestricted Upload : com.mossle.cms.web.CmsArticleController.uploadImage #212

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Unrestricted Upload : com.mossle.cms.web.CmsArticleController.uploadImage #212

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions