Youkefu Unrestricted File Upload Vulnerability in MediaController
Vulnerability
A critical vulnerability allowing unrestricted file uploads has been identified in Youkefu versions through 4.2.0. The issue resides in the MediaController's Upload function, where the imgFile parameter, received as a javax.servlet.http.HttpServletRequest, lacks proper restrictions or filtering. This vulnerability can be exploited remotely, and the uploaded files are saved directly to the server without any sanitization.
Impact
Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to arbitrary file execution or other malicious activities, depending on the uploaded file's nature and the server's configuration.
Reproduction
To reproduce this vulnerability, send a POST request to '/res/image/upload.html' with 'imgFile' parameter included in the multipart form data. The uploaded file will be saved to the server without any restrictions. After the upload, the file can be accessed through the application's image resource URL.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.