Zhenfeng13 My-Blog Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Zhenfeng13 My-Blog version 1.0. The issue lies in the 'uploadFileByEditomd' function in 'src/main/java/com/site/blog/my/core/controller/admin/BlogController.java'. It can be exploited remotely by manipulating the 'editormd-image-file' argument, potentially allowing malicious files such as JSP web shells to be uploaded.

Impact

Exploitation allows arbitrary file uploads, including JSP files that the server could then execute.

Reproduction

To reproduce this vulnerability, upload a file through the 'editormd-image-file' parameter handled by the 'uploadFileByEditomd' function. The handler does not properly validate the uploaded file, so it may contain executable content such as a JSP web shell.
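The validation that is missing here, shown as an added example rather than My-Blog's own code: a check for the file received in 'editormd-image-file' that allowlists image extensions, verifies the content's leading bytes, and assigns a server-chosen name. The class name, method name and size limit are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
// Added example, not My-Blog code: checks an image-upload handler such as the
// one receiving 'editormd-image-file' should perform before writing to disk.
public final class ImageUploadValidator {
    // Only the image types the editor needs; jsp/jspx and everything else is refused.
    private static final Set<String> ALLOWED = Set.of("jpg", "jpeg", "png", "gif");

    // Leading bytes each allowed type must start with, checked on the content, not the name.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "jpg",  new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "png",  new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "gif",  new byte[] {'G', 'I', 'F', '8'});
    private static final long MAX_BYTES = 5L * 1024 * 1024; // assumed limit

    /** Returns the server-chosen name to store under, or throws if the upload is rejected. */
    public static String validate(String clientName, long size, InputStream content) throws IOException {
        if (size <= 0 || size > MAX_BYTES) {
            throw new IllegalArgumentException("rejected: size " + size);
        }
        // Drop any directory part the client supplied (both separator styles).
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String base = clientName.substring(cut + 1);
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) {
            throw new IllegalArgumentException("rejected: no usable extension");
        }
        // Last extension only, so a name like 'x.jsp.png' is judged by its content below.
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) {
            throw new IllegalArgumentException("rejected: extension ." + ext);
        }
        byte[] expected = MAGIC.get(ext);
        byte[] head = content.readNBytes(expected.length);
        if (!Arrays.equals(head, expected)) {
            throw new IllegalArgumentException("rejected: content is not a " + ext + " image");
        }
        // Random server-side name: the client never controls the stored name or extension.
        // The upload directory must also be served as static content, never by the JSP engine.
        return UUID.randomUUID() + "." + ext;
    }
}
```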

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 7.5
exploitability: 6.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.