StarSea99 Starsea-Mall Unrestricted File Upload Vulnerability in UploadController

Vulnerability

A critical vulnerability exists in StarSea99's starsea-mall version 1.0, specifically within the UploadController function of the file src/main/java/com/siro/mall/controller/common/uploadController.java. This vulnerability allows unrestricted file uploads because the upload method does not validate the type of files being uploaded. Attackers can exploit this issue remotely by uploading JSP and HTML files, potentially leading to further exploitation.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to upload malicious files that are executed on the server.
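The defect described above is the absence of a server-side check on what is uploaded. The following class is an added example of the kind of validation a maintainer would put in front of such an endpoint; it is not code from starsea-mall, and the class name UploadValidator, the image-only allowlist and the sample inputs are all assumptions made for illustration. It strips any client-supplied path, enforces an extension allowlist (so .jsp and .html are rejected regardless of what the client claims), checks the file's leading bytes against the signature expected for that extension, and chooses the storage name itself so the client's filename never reaches the filesystem.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

/**
 * Hypothetical server-side upload validator (added example, not starsea-mall code).
 * Assumption: this endpoint only ever needs to accept images, so everything else is refused.
 * The caller passes the client-supplied filename and the first bytes of the file body.
 */
public final class UploadValidator {

    // Allowlist of permitted extensions; .jsp, .html and anything not listed are rejected.
    private static final Set<String> ALLOWED_EXTENSIONS = Set.of("jpg", "jpeg", "png", "gif");

    // Well-known leading bytes for the allowed image types.
    private static final byte[] JPEG_MAGIC = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF};
    private static final byte[] PNG_MAGIC  = {(byte) 0x89, 'P', 'N', 'G'};
    private static final byte[] GIF_MAGIC  = {'G', 'I', 'F', '8'};

    /** Returns true only if both the extension and the file contents are acceptable. */
    public static boolean isAllowed(String originalFilename, byte[] head) {
        if (originalFilename == null || originalFilename.isEmpty()) return false;
        // Discard any client-supplied directory part (../ or C:\...) and keep the base name.
        String name = originalFilename.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.indexOf('\0') >= 0) return false;              // embedded null byte
        int dot = name.lastIndexOf('.');
        if (dot <= 0 || dot == name.length() - 1) return false; // no extension, or trailing dot
        String ext = name.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXTENSIONS.contains(ext)) return false;
        // The body must look like the type the extension claims; a renamed script fails here.
        return matchesMagic(ext, head);
    }

    private static boolean matchesMagic(String ext, byte[] head) {
        if (head == null) return false;
        switch (ext) {
            case "jpg":
            case "jpeg":
                return startsWith(head, JPEG_MAGIC);
            case "png":
                return startsWith(head, PNG_MAGIC);
            case "gif":
                return startsWith(head, GIF_MAGIC);
            default:
                return false;
        }
    }

    private static boolean startsWith(byte[] data, byte[] prefix) {
        if (data.length < prefix.length) return false;
        return Arrays.equals(Arrays.copyOf(data, prefix.length), prefix);
    }

    /**
     * Server-chosen storage name: a random UUID plus the validated extension. The file
     * should then be written to a directory that the servlet container does not serve
     * or interpret as executable content.
     */
    public static String storageName(String validatedExt) {
        return UUID.randomUUID() + "." + validatedExt.toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a real PNG header and an arbitrary text body.
        byte[] png  = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
        byte[] text = "plain text body".getBytes(StandardCharsets.UTF_8);

        System.out.println("photo.png with PNG bytes:   " + isAllowed("photo.png", png));
        System.out.println("page.jsp with text bytes:   " + isAllowed("page.jsp", text));
        System.out.println("page.html with text bytes:  " + isAllowed("page.html", text));
        System.out.println("x.jsp.png with text bytes:  " + isAllowed("x.jsp.png", text));
        System.out.println("../../a.png with PNG bytes: " + isAllowed("../../a.png", png)
                + " (stored as " + storageName("png") + ")");
    }
}
```

Only the first and last inputs pass: the allowlist refuses .jsp and .html outright, the double extension fails the content check because the body is not a PNG, and the traversal attempt is neutralised because only the base name is examined and the stored name is generated server-side. In a Spring controller the same check would be applied to MultipartFile.getOriginalFilename() and the first bytes read from MultipartFile.getInputStream().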

Reproduction

To reproduce this vulnerability, log into the application and navigate to the admin upload file endpoint. Once there, upload a file with a .jsp or .html extension. The server will accept the file without any restrictions.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:          0.0
impact:         10.0
exploitability:  8.7
remediation:     0.0
relevance:       0.0
threat:          6.4
urgency:         2.9
incentive:       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.