Xiweicheng TMS Unrestricted File Upload Vulnerability
Vulnerability
A vulnerability allowing arbitrary file uploads has been identified in Xiweicheng TMS versions through 2.28.0. The issue arises in the Upload function of FileController.java, where the filename parameter is not properly validated, enabling unrestricted file uploads. This vulnerability can be exploited remotely.
Impact
Exploitation of this vulnerability allows arbitrary files to be uploaded to the server. If the application stores an uploaded file where it is served or interpreted as code, this can lead to execution of attacker-supplied content.
Reproduction
To reproduce this vulnerability, send a POST request to the /admin/file/upload endpoint with a multipart form-data payload. Include a file in the 'file' field, specifying a filename with a dangerous extension, such as .jsp or .html. The request should be made with an active session, including the necessary cookies.
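As an added illustration (not code from Xiweicheng TMS), the following Java routine shows the kind of filename validation that the Upload function lacks: it discards any directory component, checks the extension against an allowlist (the list itself is a hypothetical deployment choice), and replaces the client-supplied name with a server-generated one.

```java
import java.util.Locale;
import java.util.Set;
import java.util.UUID;
import java.util.regex.Pattern;

/**
 * Added example, not code from Xiweicheng TMS: validating a client-supplied
 * filename before an upload handler writes it to disk. The vulnerable pattern
 * is simply using the multipart filename as the storage name.
 */
public class SafeUploadName {
    // Allowlist of extensions this hypothetical deployment accepts; script
    // types such as jsp or html are deliberately absent.
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif", "pdf", "txt");
    // Safe basename: alphanumeric start, no separators, NULs or control chars, bounded length.
    private static final Pattern SAFE_BASENAME = Pattern.compile("^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$");

    /**
     * Returns the name to store the upload under, or null to reject it.
     * Only the extension survives, and only if it is on the allowlist.
     */
    static String safeStorageName(String clientFilename) {
        if (clientFilename == null) return null;
        // Strip any directory part (../, C:\, ...) a client may have sent.
        int cut = Math.max(clientFilename.lastIndexOf('/'), clientFilename.lastIndexOf('\\'));
        String base = clientFilename.substring(cut + 1);
        if (!SAFE_BASENAME.matcher(base).matches()) return null;
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) return null; // require "stem.ext"
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        // Double extensions ("a.png.jsp") fail here because only the last part is checked.
        if (!ALLOWED_EXT.contains(ext)) return null;
        // A server-generated name means nothing from the client's stem reaches the filesystem.
        // Store the result outside the servlet document root so it is never served as code.
        return UUID.randomUUID() + "." + ext;
    }

    public static void main(String[] args) {
        // Constructed sample filenames, including the kinds a client might send to abuse the upload.
        String[] samples = {"report.pdf", "photo.PNG", "shell.jsp",
                "../../webapps/ROOT/x.jsp", "a.png.jsp", "x\u0000.jsp"};
        for (String s : samples) {
            System.out.printf("%-28s -> %s%n", s, safeStorageName(s));
        }
    }
}
```

Only the first two samples produce a storage name; every other one is rejected before any file is written.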
