CVE-2018-18315

Posted on 2018년 10월 15일2018년 10월 15일 by admin

CVE-2018-18315

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.

Source: CVE-2018-18315

답글 남기기 응답 취소