CVE-2024-13138 Information

Description

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/wangl1989/mysiteforme/issues/55 https://github.com/wangl1989/mysiteforme/issues/55#issue-2757868654 https://vuldb.com/?ctiid.290212 https://vuldb.com/?id.290212 https://vuldb.com/?submit.468511