CVE-2024-13210 | donglight bookstore电商书城系统说明 1.0 AdminBookController. java uploadPicture pictureFile unrestricted upload

Posted by Angelo Barbosa | Jan 8, 2025 | CVE

A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads to unrestricted upload.

This vulnerability is known as CVE-2024-13210. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-13210 | donglight bookstore电商书城系统说明 1.0 AdminBookController. java uploadPicture pictureFile unrestricted upload

Related Posts

CVE-2022-28652 | Canonical Apport up to 2.20.x settings Billion Laughs xml entity expansion (USN-5427-1)

CVE-2024-23129 | Autodesk AutoCAD/Advance Steel/Civil 3D MODEL File opennurbs.dll memory corruption

CVE-2024-32027 | bmaltais kohya_ss up to 23.1.4 finetune_gui.py command injection (GHSA-8h78-3vqm-xw83)

CVE-2023-50700 | Deepin dde-file-manager up to 6.0.54 D-Bus Method permission (Bug 10007)