Cool-Admin-Java Arbitrary File Upload Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability allowing arbitrary file upload has been identified in Cool-Admin-Java version 1.0. This issue resides in the file upload component, specifically within the '/comm/upload' endpoint. Attackers can exploit this vulnerability by uploading a crafted file that is then executed on the server.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where Cool-Admin-Java is running.
Reproduction
To reproduce this vulnerability, access the '/api/admin/base/comm/upload' endpoint. After uploading a file through the interface, the uploaded file's path will be returned. Accessing this path will trigger the execution of the uploaded file, thereby exploiting the vulnerability.
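The root cause described above is that the upload endpoint accepts any file type, stores it under a path the server will execute, and returns that path to the client. As an added illustration of the corresponding mitigation (example code written for this note, not Cool-Admin-Java's own upload code, whose internals are not shown here), the following hypothetical handler assumes a Java 17 runtime and a storage directory that the servlet container neither serves statically nor executes. It applies an extension allowlist confirmed by leading magic bytes, discards the client-supplied filename when naming the file on disk, and returns an opaque identifier instead of a filesystem or web path.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HexFormat;
import java.util.Locale;
import java.util.Map;

/**
 * Hypothetical hardened upload handler (illustration only, not the project's code).
 * Controls against the pattern in the advisory:
 *  - allowlist of extensions, each confirmed by the content's leading bytes;
 *  - client-supplied name never used on disk (defeats ../ and double extensions);
 *  - files written under a root the container does not serve or execute (assumed),
 *    and the caller receives an opaque id rather than a reachable path.
 */
public final class SafeUploadHandler {
    // Assumed allowlist: extension -> bytes the content must start with.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[]{(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif", new byte[]{'G', 'I', 'F', '8'}
    );
    private static final long MAX_BYTES = 5L * 1024 * 1024; // assumed size limit
    private static final SecureRandom RNG = new SecureRandom();

    private final Path storageRoot;

    public SafeUploadHandler(Path storageRoot) throws IOException {
        this.storageRoot = storageRoot.toAbsolutePath().normalize();
        Files.createDirectories(this.storageRoot);
    }

    /** Validates and stores the upload; returns the opaque id to hand back to the client. */
    public String store(String clientFilename, byte[] content) throws IOException {
        if (content.length == 0 || content.length > MAX_BYTES) {
            throw new IllegalArgumentException("rejected: size " + content.length);
        }
        String ext = extensionOf(clientFilename);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null) {
            throw new IllegalArgumentException("rejected: extension ." + ext + " not allowed");
        }
        if (content.length < magic.length
                || !Arrays.equals(Arrays.copyOf(content, magic.length), magic)) {
            throw new IllegalArgumentException("rejected: content does not look like ." + ext);
        }
        // The on-disk name is generated by us; nothing from the client reaches the path.
        byte[] rnd = new byte[16];
        RNG.nextBytes(rnd);
        String id = HexFormat.of().formatHex(rnd);
        Path target = storageRoot.resolve(id + "." + ext).normalize();
        if (!target.startsWith(storageRoot)) { // defence in depth; cannot fail with our own id
            throw new IllegalStateException("target escaped storage root");
        }
        Files.write(target, content, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        return id;
    }

    /** Final extension of the client name after stripping any directory part; case-folded. */
    static String extensionOf(String clientFilename) {
        String base = clientFilename.replace('\\', '/');
        base = base.substring(base.lastIndexOf('/') + 1);
        int dot = base.lastIndexOf('.');
        // dot <= 0 also rejects names like ".png" that have no base name at all
        if (dot <= 0 || dot == base.length() - 1) {
            throw new IllegalArgumentException("rejected: no usable extension in " + clientFilename);
        }
        return base.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    // Demonstration with constructed inputs.
    public static void main(String[] args) throws IOException {
        SafeUploadHandler h = new SafeUploadHandler(Files.createTempDirectory("uploads-"));
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0}; // constructed PNG header
        byte[] notImage = "not an image".getBytes(StandardCharsets.US_ASCII);    // constructed text
        Object[][] cases = {
            {"photo.png", png},                 // accepted
            {"page.jsp", notImage},             // extension not on the allowlist
            {"../../webapps/ROOT/x.png", png},  // traversal in the name is irrelevant: name is discarded
            {"shell.jsp.png", notImage},        // double extension, content fails the magic check
        };
        for (Object[] c : cases) {
            try {
                String id = h.store((String) c[0], (byte[]) c[1]);
                System.out.println(c[0] + " -> stored as opaque id " + id);
            } catch (IllegalArgumentException e) {
                System.out.println(c[0] + " -> " + e.getMessage());
            }
        }
    }
}
```

The magic-byte check alone is not a sufficient control, since a file can carry a valid image header followed by script content; the decisive mitigations are that the storage root is never a location the container will execute, and that the response carries an id which a separate download handler resolves, serving the bytes with a fixed Content-Type and a Content-Disposition of attachment rather than exposing the stored path.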
