JeeWMS Arbitrary File Upload Vulnerability Allowing Code Execution
Vulnerability
JeeWMS versions prior to 2025.01.01 contain an arbitrary file upload vulnerability. The issue arises in the parserXML() method, where an attacker can upload a crafted file that leads to the execution of arbitrary code.
Impact
Exploitation of this vulnerability allows arbitrary code execution on the server where JeeWMS is running.
Reproduction
The vulnerability can be reproduced by uploading a malicious file through the file upload feature that interacts with the parserXML() method. The file must be crafted to exploit the arbitrary file upload capability, potentially leading to code execution on the server.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
