Panhainan DS-Java Code Injection Vulnerability via File Upload
Vulnerability
A critical code injection vulnerability has been identified in Panhainan DS-Java version 1.0. The issue arises in the 'uploadUserPic.action' function within 'src/com/phn/action/FileUpload.java', where improper handling of the 'fileUpload' argument allows for arbitrary file uploads. This vulnerability can be exploited remotely by uploading malicious JSP files, which could then be executed on the server.
Impact
Exploitation of this vulnerability allows arbitrary code execution on the server, because the uploaded JSP file is executed as code.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
