Headline
CVE-2022-30506: File upload vulnerability in MCMS v5.2.7 · Issue #I56AID · 铭飞/MCMS - Gitee.com
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
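Thank you for your interest in open source. These are the few steps that can be taken at present:
1. Configure the yml so that uploading zip files is not allowed
2. Do not allow Tomcat to execute jspx
3. Keep account permissions under tight control (because there is a precondition here: the user is able to log in to the system and already holds administrator privileges)
You are also welcome to share your own views, and whether there is a better solution.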
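The first two mitigations in the reply above concern ZIP uploads and JSPX execution. As an added example (not MCMS code and not from the issue), this Python check inspects a ZIP's entry names before anything is unpacked and rejects JSP/JSPX entries; it goes beyond the page by also rejecting entry paths that leave the extraction directory. The function names, the denied-extension set and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile
from typing import Dict, Optional

# Assumption: extensions the servlet container would compile and execute.
DENIED_EXTS = {".jsp", ".jspx"}


def entry_problem(name: str) -> Optional[str]:
    """Return why a ZIP entry name is unsafe to unpack, or None if acceptable."""
    norm = name.replace("\\", "/")
    # Absolute paths and ".." segments escape the extraction directory.
    if norm.startswith("/") or ".." in norm.split("/"):
        return "path escapes extraction directory"
    # Compare case-insensitively and ignore trailing dots/spaces, which some
    # filesystems strip, so "x.JSPX" and "x.jspx." are caught too.
    base = posixpath.basename(norm).rstrip(". ").lower()
    ext = posixpath.splitext(base)[1]
    if ext in DENIED_EXTS:
        return f"server-executable extension {ext}"
    return None


def audit_zip(data: bytes) -> Dict[str, str]:
    """Map each rejected entry to its reason; an empty dict means unpacking may proceed."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return {"<archive>": "not a valid ZIP file"}
    return {n: r for n in names if (r := entry_problem(n))}


def build_sample() -> bytes:
    """Constructed sample archive: two benign template files, three bad entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("index.htm", "css/app.css", "tpl/view.JSPX",
                     "tpl/page.jspx.", "../../webapps/ROOT/x.txt"):
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_zip(build_sample()).items():
        print(f"REJECT {name}: {reason}")
```

A check like this complements, rather than replaces, the server-side setting that stops Tomcat from executing JSPX in upload directories.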
Related news
GHSA-6xj9-hpq3-w3qw: Code injection in MCMS