Feng Ha Ha Mega Gao SSM ERP Production SSM Unrestricted File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A critical vulnerability has been identified in Feng Ha Ha's Mega Gao SSM ERP production_ssm version 0.0.1 and prior. The issue resides in the file upload functionality in FileServiceImpl.java. Uploads are unrestricted: malicious JSP files can be uploaded and potentially executed, leading to arbitrary code execution. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where the application is running.

Reproduction

To reproduce this vulnerability, upload a malicious JSP file through the application's file upload feature. The uploaded file can then be accessed and executed on the server, leading to remote code execution.

Remediation

It is recommended to implement a whitelist for allowed file types and to sanitize file names before processing uploads.
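The following is an added example of the remediation described above, written for this page and not taken from the production_ssm project: an upload handler that sanitizes the client-supplied file name, enforces an extension allowlist that excludes server-executable types such as JSP, and stores the file under a server-generated name. The storage directory, the allowed extensions and the class name are assumptions; it targets Java 11 or later.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

public class SafeUploadHandler {
    // Allowlist of extensions the application actually needs (assumed set);
    // JSP, JSPX, WAR and other server-executable types are deliberately absent.
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "pdf", "xlsx");
    // Storage directory outside the servlet container's document root, so a stored
    // file is only ever served as static bytes through a controlled download endpoint.
    private final Path storageDir;

    public SafeUploadHandler(Path storageDir) { this.storageDir = storageDir.toAbsolutePath().normalize(); }

    /** Strip directory components and any character outside a conservative set. */
    static String sanitizeFileName(String original) {
        if (original == null || original.isBlank()) throw new IllegalArgumentException("empty file name");
        // getFileName() drops "../" and absolute-path prefixes from the client-supplied name.
        Path name = Paths.get(original.replace('\\', '/')).getFileName();
        if (name == null) throw new IllegalArgumentException("no file name component");
        String cleaned = name.toString().replaceAll("[^A-Za-z0-9._-]", "_");
        if (cleaned.startsWith(".")) throw new IllegalArgumentException("dot-prefixed name rejected");
        return cleaned;
    }

    /** Return the lower-cased extension, rejecting double extensions such as "shell.jsp.png". */
    static String checkedExtension(String sanitized) {
        String[] parts = sanitized.split("\\.");
        if (parts.length != 2 || parts[0].isEmpty()) throw new IllegalArgumentException("exactly one extension required");
        String ext = parts[1].toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) throw new IllegalArgumentException("extension not allowed: " + ext);
        return ext;
    }

    /** Validate, then persist under a server-generated name; returns the stored path. */
    public Path store(String clientFileName, byte[] content) throws IOException {
        String ext = checkedExtension(sanitizeFileName(clientFileName));
        // The client-chosen name never reaches the filesystem; only the vetted extension does.
        Path target = storageDir.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(storageDir)) throw new IllegalStateException("path escaped storage dir");
        Files.createDirectories(storageDir);
        Files.write(target, content);
        return target;
    }
}
```

With this handler a name such as "../../webapps/ROOT/shell.jsp" is reduced to "shell.jsp" and then rejected by the allowlist, while "report.PDF" is accepted and written as a random UUID with the ".pdf" extension.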

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.