Qihang WMS Directory Traversal and Arbitrary File Upload Vulnerability
Vulnerability
A directory traversal and arbitrary file upload vulnerability has been identified in the ShopOrderImportController.java component of Qihang WMS, specifically in commit 75c15a. The issue arises because the application concatenates the uploaded file's extension directly into the destination file path, which lets an attacker traverse directories and upload malicious files. Exploitation could lead to overwriting sensitive files, stored cross-site scripting (XSS), or, in combination with a file inclusion vulnerability, indirect execution of malicious scripts, posing a significant threat to the system.
Impact
Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to overwrite sensitive files, execute malicious code, or trigger stored cross-site scripting attacks. Additionally, uploaded files could be included in a way that executes scripts, further increasing the risk.
Reproduction
To reproduce this vulnerability, upload a file through the order import interface with a file name manipulated to include directory traversal sequences. The upload is accepted and, depending on the file type and content, can be used to execute code or overwrite existing files.
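The root cause above is a destination path built from a client-supplied extension. The following Java method is an added example, not code from Qihang WMS, showing the hardening a maintainer would apply at that point: the upload root, the allow-list of extensions, and the method name are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

public class SafeOrderImportUpload {
    // Assumed upload root; the real location used by Qihang WMS is not stated in the advisory.
    private static final Path UPLOAD_ROOT =
            Paths.get("/var/wms/uploads").toAbsolutePath().normalize();
    // Assumed allow-list: the formats an order-import endpoint actually needs.
    private static final Set<String> ALLOWED_EXTENSIONS = Set.of("xls", "xlsx", "csv");

    // Returns the path to store an upload under, or throws if the client-supplied name
    // cannot be mapped to a safe one. The vulnerable pattern this replaces took the
    // extension straight from the client name and concatenated it into the path.
    static Path safeTarget(String originalFilename) {
        if (originalFilename == null || originalFilename.isEmpty()) {
            throw new IllegalArgumentException("missing file name");
        }
        // Keep only the last path segment, whichever separator the client used.
        int cut = Math.max(originalFilename.lastIndexOf('/'), originalFilename.lastIndexOf('\\'));
        String base = originalFilename.substring(cut + 1);
        int dot = base.lastIndexOf('.');
        if (dot < 0 || dot == base.length() - 1) {
            throw new IllegalArgumentException("file name has no extension");
        }
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        // Allow-list the extension: alphanumeric only, and one the importer understands.
        if (!ext.matches("[a-z0-9]{1,5}") || !ALLOWED_EXTENSIONS.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        // The server generates the stored name; nothing client-controlled reaches the path.
        Path target = UPLOAD_ROOT.resolve(UUID.randomUUID() + "." + ext).normalize();
        // Defence in depth: the resolved path must still lie inside the upload root.
        if (!target.startsWith(UPLOAD_ROOT)) {
            throw new IllegalStateException("resolved path escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample names: a normal import, a traversal attempt, a script upload.
        String[] samples = { "orders-2024.xlsx", "report.xlsx/../../outside.txt", "page.jsp" };
        for (String name : samples) {
            try {
                System.out.println(name + " -> " + safeTarget(name));
            } catch (RuntimeException e) {
                System.out.println(name + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first sample yields a path; the other two are rejected before any filesystem call, which is the property the vulnerable controller lacked.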