JeeWMS Arbitrary File Upload Vulnerability Leading to Remote Code Execution

An arbitrary file upload vulnerability has been identified in JeeWMS version 20250820. This vulnerability arises from inadequate file validation in the 'saveFiles' function of the 'cgUploadController' endpoint. As a result, an authenticated user with normal privileges could upload a malicious file that enabled remote code execution on the server.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can lead to remote code execution on the server.

Reproduction

To reproduce this vulnerability, an authenticated user must send a POST request to the 'jeewms/cgUploadController.do' endpoint, including a file in the request that contains malicious code. The uploaded file must be crafted to execute code on the server when processed.

Remediation

It is recommended to implement strict file type whitelisting, validate and sanitize file names, store uploaded files outside the web root, remove execute permissions from upload directories, verify content types by inspecting file magic bytes, scan uploads for malicious content, apply least-privilege principles to the web application user and database credentials, and add logging and alerting for upload attempts.