CVE-2023-34747: arbitrary file upload vulnerability in ujcms v6.0.2 · Issue #4 · ujcms/ujcms

Hello, I found that your ujcms v6.0.2 version has an arbitrary file upload vulnerability in the background.
In the background file -> upload file here, we can upload files, I know you have made restrictions on the suffix of the uploaded file name, for example, jsp files are not allowed to be uploaded. But we can bypass the check by capturing the packet and modifying the file name to “1.jsp.” (adding a decimal point to the suffix).

1. Try to upload 1.jsp file, but it is blocked

2. Use burpsuite to capture the package, modify the file name to “1.jsp.” and then change the Content-Type to “image/png” to upload successfully

3. Click Browse to download the file, and the suffix of the downloaded file is “jsp” instead of “jsp.”

4.Suggestion: Check whether the suffix of the uploaded file name is normal, and prevent the suffix of the malformed symbol like “jsp.” from bypassing the security check