Headline
CVE-2021-27693: https://github.com/sanluan/PublicCMS/issues/51 · sanluan/PublicCMS@0f4c487
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
@@ -218,7 +218,8 @@ public Map<String, Object> catchimage(@RequestAttribute SysSite site, @SessionAt
BufferedInputStream inputStream = new BufferedInputStream(entity.getContent());
FileType fileType = FileTypeDetector.detectFileType(inputStream);
String suffix = fileType.getCommonExtension();
if (CommonUtils.notEmpty(suffix)) {
if (null != fileType.getMimeType() && fileType.getMimeType().startsWith(“image/”)
&& CommonUtils.notEmpty(suffix)) {
String fileName = CmsFileUtils.getUploadFileName(suffix);
String filePath = siteComponent.getWebFilePath(site, fileName);
CmsFileUtils.copyInputStreamToFile(inputStream, filePath);
@@ -238,9 +239,13 @@ public Map<String, Object> catchimage(@RequestAttribute SysSite site, @SessionAt
}
EntityUtils.consume(entity);
}
Map<String, Object> map = getResultMap(true);
map.put("list", list);
return map;
if (list.isEmpty()) {
return getResultMap(false);
} else {
Map<String, Object> map = getResultMap(true);
map.put("list", list);
return map;
}
}
} catch (Exception e) {
log.error(e.getMessage(), e);