Vendor: Java-springboot-codebase
By: d3sca
CVSS: 6.1 (HIGH)
Unrestricted File Upload
CWE: 434
Product Name: Java-springboot-codebase
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: NO
Related CWE: CVE-2024-52302
CPE: a:osamataher:java-springboot-codebase:0.1
Platforms Tested: Debian Linux
2024
Unrestricted File Upload
An unrestricted file upload vulnerability was discovered in a Java Spring Boot application. By sending a PUT request to /api/v1/customer/profile-picture with a malicious file payload, an attacker could upload server-side script or HTML files such as .jsp, .php, or .html. Accessing the uploaded file through the URL returned in the response could then lead to remote code execution.
Mitigation:
To mitigate this vulnerability, validate file types and enforce strict controls on file uploads: restrict uploads to an allow-list of permitted file extensions and content types rather than rejecting known-bad ones. Additionally, consider sandboxing uploaded files, for example by storing them outside the web root so that nothing uploaded can be executed by the server.
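The handler below is an added example of the mitigation described above; it is not code from this advisory or from the Java-springboot-codebase project. It assumes a Spring Boot multipart endpoint at the same path, and the class name, the `file` request parameter, the storage directory and the 2 MiB size limit are illustrative choices. It applies the controls in layers: an allow-list of extensions and declared content types, a content check that actually decodes the upload as an image, a server-generated file name, storage outside the web root, and re-encoding of the image so that any bytes a decoder would ignore are dropped.

```java
// Added example (not the project's code): a hardened profile-picture upload handler.
// Assumed names: ProfilePictureController, UPLOAD_DIR, the "file" multipart parameter.
package example.upload;

import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.imageio.ImageIO;

import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

@RestController
public class ProfilePictureController {

    // Allow-list, not a deny-list: only the raster formats a profile picture needs.
    private static final Set<String> ALLOWED_EXTENSIONS = Set.of("png", "jpg", "jpeg");
    private static final Set<String> ALLOWED_CONTENT_TYPES =
            Set.of(MediaType.IMAGE_PNG_VALUE, MediaType.IMAGE_JPEG_VALUE);
    private static final long MAX_BYTES = 2L * 1024 * 1024; // assumed limit: 2 MiB

    // Assumed storage location, deliberately outside the servlet web root so the
    // application server never serves or executes anything placed here.
    private static final Path UPLOAD_DIR = Paths.get("/var/lib/example-app/profile-pictures");

    @PutMapping(path = "/api/v1/customer/profile-picture",
                consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
    public ResponseEntity<Map<String, String>> upload(@RequestParam("file") MultipartFile file)
            throws IOException {
        if (file.isEmpty() || file.getSize() > MAX_BYTES) {
            return reject("empty or oversized file");
        }

        // 1. Extension allow-list on the client-supplied name. The name itself is
        //    never reused; only the validated extension influences anything later.
        String original = file.getOriginalFilename() == null ? "" : file.getOriginalFilename();
        if (!ALLOWED_EXTENSIONS.contains(extensionOf(original))) {
            return reject("file extension not permitted");
        }

        // 2. Declared Content-Type allow-list (cheap, but attacker-controlled, so not sufficient alone).
        String declared = file.getContentType();
        if (declared == null || !ALLOWED_CONTENT_TYPES.contains(declared.toLowerCase(Locale.ROOT))) {
            return reject("content type not permitted");
        }

        // 3. Content check: the bytes must decode as an image. ImageIO.read returns
        //    null for anything that is not a parseable image (a .jsp renamed to .png fails here).
        BufferedImage image;
        try (InputStream in = file.getInputStream()) {
            image = ImageIO.read(in);
        }
        if (image == null) {
            return reject("file content is not a valid image");
        }

        // 4. Server-generated name with a fixed extension; nothing from the client
        //    reaches the filesystem path, so path traversal and double extensions are moot.
        String storedName = UUID.randomUUID() + ".png";
        Path target = UPLOAD_DIR.resolve(storedName).normalize();
        if (!target.startsWith(UPLOAD_DIR)) {
            return reject("invalid storage path"); // defensive; cannot happen with a UUID name
        }
        Files.createDirectories(UPLOAD_DIR);

        // 5. Re-encode the decoded pixels instead of copying the original bytes. This
        //    strips trailing data, metadata and any payload hidden in ignored chunks.
        try (OutputStream out = Files.newOutputStream(target)) {
            ImageIO.write(image, "png", out);
        }

        // Return an opaque identifier, not a filesystem path or a directly browsable URL.
        return ResponseEntity.ok(Map.of("pictureId", storedName));
    }

    // Lower-cased extension after the last dot, or "" when there is none.
    static String extensionOf(String name) {
        int dot = name.lastIndexOf('.');
        if (dot < 0 || dot == name.length() - 1) {
            return "";
        }
        return name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    private static ResponseEntity<Map<String, String>> reject(String reason) {
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(Map.of("error", reason));
    }
}
```

The re-encoding step is what makes the extension and content-type checks robust against polyglot files: a valid image with script text appended would pass `ImageIO.read`, but only the decoded pixels are written to disk, and the file is stored under a server-chosen `.png` name in a directory the server never executes from. Serving the picture back should go through a separate endpoint that reads from `UPLOAD_DIR` by identifier and responds with a fixed `image/png` Content-Type, rather than exposing the storage path.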