crmeb_java
cpe:2.3:a:crmeb:crmeb_java:*:*:*:*:*:*:*
- <= 1.3.4
An unrestricted file upload vulnerability has been identified in CRMEb Java up to and including version 1.3.4. The flaw is in the Admin Upload component, in UploadServiceImpl.java: the model parameter is not validated before it is passed into the upload service, so attacker-controlled input reaches the code that decides where an uploaded file is written. Because the argument is used without restriction, the issue is exploitable remotely.
Successful exploitation gives an attacker arbitrary file upload. Depending on what is uploaded and where the server lets it land (for example, inside a directory the application server will serve or execute from), this can escalate to arbitrary code execution or other malicious actions.
To reproduce, send an upload request in which the model parameter contains directory traversal sequences (such as ../). The server processes the value without validation and writes the file according to the manipulated path, demonstrating the unrestricted upload.
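The following is an added example, not CRMEB's code, showing the pattern the advisory describes and a hardened alternative: a path built by joining a request-controlled model parameter straight onto the upload root escapes that root when the value contains traversal sequences, while a resolver that allow-lists the model, strips any directory part from the file name, restricts the extension and checks the canonical result stays under the root rejects the same input. The upload root, the allowed model and extension lists, and the attacker inputs are assumptions for illustration (Java 11 or later).

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

/**
 * Added example (not CRMEB's code): how a path built from an unvalidated
 * "model" request parameter escapes the upload root, and a hardened
 * resolver that rejects the same input. Root, allow-lists and inputs
 * below are assumptions for illustration.
 */
public class UploadPathCheck {

    // Assumed upload root; stands in for whatever the deployment configures.
    static final Path UPLOAD_ROOT = Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    // Assumed allow-list of model names the application actually uses.
    static final Set<String> ALLOWED_MODELS = Set.of("product", "user", "article");

    // Assumed allow-list of file extensions for image uploads.
    static final Set<String> ALLOWED_EXTENSIONS = Set.of("jpg", "jpeg", "png", "gif");

    /** Vulnerable pattern: request-controlled model joined straight into the path. */
    static Path vulnerableTarget(String model, String filename) {
        // "../" sequences in model (or filename) walk out of UPLOAD_ROOT;
        // normalize() shows where the write would actually land.
        return Paths.get(UPLOAD_ROOT.toString(), model, filename).normalize();
    }

    /**
     * Hardened resolver: allow-list the model, drop directories from the name,
     * restrict characters and extension, then confirm the result stays under root.
     */
    static Path hardenedTarget(String model, String filename) {
        if (model == null || !ALLOWED_MODELS.contains(model)) {
            throw new IllegalArgumentException("model not allowed: " + model);
        }
        if (filename == null || filename.isEmpty()) {
            throw new IllegalArgumentException("empty filename");
        }
        // Keep only the last path element; discards any directory part the client sent.
        String base = Paths.get(filename).getFileName().toString();
        // Conservative character set: no separators, no "..", exactly one extension.
        if (!base.matches("[A-Za-z0-9_-]{1,64}\\.[A-Za-z0-9]{1,8}")) {
            throw new IllegalArgumentException("filename rejected: " + filename);
        }
        String ext = base.substring(base.lastIndexOf('.') + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXTENSIONS.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        Path modelDir = UPLOAD_ROOT.resolve(model);
        Path target = modelDir.resolve(base).normalize();
        // Defence in depth: even if a check above regresses, never write outside modelDir.
        if (!target.startsWith(modelDir)) {
            throw new IllegalArgumentException("path escapes upload root: " + target);
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed attacker input: traversal in the model parameter, executable file name.
        String badModel = "../../srv/webapp/ROOT";
        String badName = "payload.jsp";

        System.out.println("vulnerable resolves to: " + vulnerableTarget(badModel, badName));

        try {
            hardenedTarget(badModel, badName);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened rejected: " + e.getMessage());
        }

        // A benign request still works through the hardened resolver.
        System.out.println("hardened accepts: " + hardenedTarget("product", "photo.png"));

        // Traversal hidden in the filename with an allowed model is neutralised:
        // only the final name element survives, so the file stays in the model directory.
        System.out.println("hardened neutralises: " + hardenedTarget("product", "../../../etc/x.png"));
    }
}
```

Running the main method prints where the vulnerable join lands (outside the assumed upload root) and shows the hardened resolver refusing the same model value. The model allow-list is the check that actually closes the hole described above; the character, extension and prefix checks are independent layers so that a future change to any one of them does not reopen it.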