Donglight Bookstore Unrestricted File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Donglight Bookstore version 1.0. The issue resides in the 'uploadPicture' function of the 'AdminBookController' file, which does not restrict the type of file it accepts. The vulnerability can be exploited remotely, and an uploaded file can be executed within the application's environment.

Impact

Exploitation of this vulnerability allows remote code execution on the server where the application is hosted. As described under Reproduction, the upload endpoint is reached through an authenticated admin session.

Reproduction

To reproduce this vulnerability, log into the application as an admin and navigate to the book addition page. Upload a file with a '.jsp' extension containing a payload that executes a command, such as opening the calculator application. Once the file is uploaded, the command will be executed on the server.
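As an added example (not Donglight Bookstore's code; the class and method names are hypothetical), these are the checks an upload handler such as 'uploadPicture' needs so that the '.jsp' upload described above is refused while genuine cover images are still accepted:

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
// Hypothetical validator for an admin picture-upload handler; not the project's code.
public final class PictureUploadValidator {
    // Allowlist: accepted extensions mapped to the leading bytes a genuine file of that type has.
    private static final Map<String, byte[]> SIGNATURES = Map.of(
        "png",  new byte[] {(byte) 0x89, 0x50, 0x4E, 0x47},          // \x89PNG
        "jpg",  new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif",  "GIF8".getBytes(StandardCharsets.US_ASCII));
    /** Returns a server-chosen file name for an acceptable image, or throws if the upload must be rejected. */
    public static String validate(String originalName, byte[] content) {
        if (originalName == null || originalName.isBlank()) {
            throw new IllegalArgumentException("missing file name");
        }
        // Keep only the last path component so "../x.png" or "C:\x.png" cannot steer where the file lands.
        String base = originalName.substring(Math.max(originalName.lastIndexOf('/'), originalName.lastIndexOf('\\')) + 1);
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) {
            throw new IllegalArgumentException("no usable extension");
        }
        // Only the LAST extension counts: "shell.jsp" and "shell.png.jsp" both end in jsp and are refused.
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] expected = SIGNATURES.get(ext);
        if (expected == null) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        // A permitted extension is not proof of type: the bytes must start like that image format.
        if (content == null || content.length < expected.length
                || !Arrays.equals(Arrays.copyOf(content, expected.length), expected)) {
            throw new IllegalArgumentException("content is not a " + ext + " image");
        }
        // Never store under the client-supplied name: random name, vetted extension, and (in the real
        // handler) a directory the servlet container does not compile or serve as JSP.
        return UUID.randomUUID() + "." + ext;
    }
    public static void main(String[] args) {
        byte[] png = {(byte) 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A}; // constructed PNG header
        System.out.println("accepted as " + validate("cover.png", png));
        try {
            validate("cover.jsp", "<%-- constructed, inert JSP marker --%>".getBytes(StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The validator covers the two weaknesses an unrestricted upload usually combines: trusting the client's file name and trusting the client's extension; the real handler must also write the result outside the servlet container's web root.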

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

Category        Score
spread            0.0
impact           10.0
exploitability    6.6
remediation       0.0
relevance         0.0
threat            6.4
urgency           2.9
incentive         1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.