Xuhuisheng Lemon Unrestricted File Upload Vulnerability in CmsArticleController
Vulnerability
A vulnerability allowing unrestricted file uploads has been identified in Xuhuisheng Lemon versions through 1.13.0. The issue arises in the 'uploadImage' function of 'CmsArticleController.java', part of the 'com.mossle.cms.web' component. This vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to the upload of malicious files that are processed within the application's environment.
Reproduction
The vulnerability can be reproduced by invoking the 'uploadImage' method, which places no restrictions on the file type. The 'LocalStoreClient.saveStore' and 'FileStoreHelper.saveStore' methods, which are also involved in the file upload process, similarly lack proper file type restrictions. After a file is uploaded, the application returns the file name, indicating a successful upload.
Remediation
It is recommended to implement a whitelist approach to restrict file upload types.
