Halo cms v1.5.3 has an arbitrary format file upload vulnerability at /api/admin/attachments/upload. Attackers can upload files in formats such as jsp, html, etc.
zongdeiqianxing changed the title from "Halo cms v1.5.2 has an arbitrary format file upload vulnerability at /api/admin/attachments/upload" to "Halo cms v1.5.3 has an arbitrary format file upload vulnerability at /api/admin/attachments/upload" on Jun 6, 2022
https://github.com/halo-dev/halo/
Proof of Concept
permalink: AttachmentServiceImpl.java L110

Security is not checked in the relevant code
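
One way to add the missing check, shown as an added example that is not Halo's code or the reporter's: an allowlist on extension and leading bytes, applied before an attachment is stored. The class name `UploadTypeCheck`, the three accepted image types and the sample inputs are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;

/** Hypothetical helper (not part of Halo): allowlist check for uploaded attachments. */
public class UploadTypeCheck {
    // Assumed policy: only these image types are accepted; extension -> leading magic bytes.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif", new byte[] {'G', 'I', 'F', '8'});

    /** Returns the normalized extension if the upload is acceptable, otherwise throws. */
    static String validate(String originalName, byte[] head) {
        if (originalName == null || originalName.contains("/") || originalName.contains("\\")
                || originalName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid file name");
        }
        int dot = originalName.lastIndexOf('.');
        if (dot <= 0 || dot == originalName.length() - 1) {
            throw new IllegalArgumentException("missing extension");
        }
        // Only the final extension counts, compared case-insensitively against the allowlist.
        String ext = originalName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        // Content must match the claimed type, so markup renamed to .png is still rejected.
        if (head == null || head.length < magic.length
                || !Arrays.equals(Arrays.copyOf(head, magic.length), magic)) {
            throw new IllegalArgumentException("content does not match ." + ext);
        }
        return ext;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a PNG signature and a short markup fragment.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
        byte[] markup = "<html><body>".getBytes(StandardCharsets.US_ASCII);
        System.out.println("avatar.PNG accepted as " + validate("avatar.PNG", png));
        for (String name : new String[] {"page.html", "page.jsp", "fake.png"}) {
            try {
                validate(name, markup);
            } catch (IllegalArgumentException e) {
                System.out.println(name + " rejected: " + e.getMessage());
            }
        }
    }
}
```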