
CVE-2024-13210: donglight bookstore电商书城系统说明 AdminBookController.java uploadPicture unrestricted upload

5.1 CVSS

Description

A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController.java. The manipulation of the argument pictureFile with unknown data leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
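The affected handler itself is not reproduced on this page. As an added example in Java (not the bookstore project's own code), the following upload routine shows the controls whose absence makes an upload "unrestricted": it assumes a Spring MultipartFile parameter named pictureFile, decides the file type from signature bytes rather than the client-supplied name, and stores the file under a server-generated name in a directory outside the web root.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.Arrays;
import java.util.Map;
import java.util.UUID;
import org.springframework.web.multipart.MultipartFile;

/** Hardened image upload (added example; not the bookstore project's code). */
public final class SafeImageUpload {
    // Accepted formats, keyed by the signature bytes the file must start with.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF});
    private static final long MAX_BYTES = 2L * 1024 * 1024;
    /**
     * Validates the picture and stores it under a server-chosen name inside
     * uploadDir, which must lie outside the web root. Returns the stored name.
     */
    public static String store(MultipartFile pictureFile, Path uploadDir) throws IOException {
        if (pictureFile == null || pictureFile.isEmpty() || pictureFile.getSize() > MAX_BYTES) {
            throw new IllegalArgumentException("empty or oversized upload");
        }
        // Decide the type from content, not from the client-supplied filename or Content-Type.
        byte[] head;
        try (InputStream in = pictureFile.getInputStream()) {
            head = in.readNBytes(8);
        }
        String type = null;
        for (Map.Entry<String, byte[]> e : MAGIC.entrySet()) {
            byte[] sig = e.getValue();
            if (head.length >= sig.length && Arrays.equals(Arrays.copyOf(head, sig.length), sig)) {
                type = e.getKey();
            }
        }
        if (type == null) {
            throw new IllegalArgumentException("not a PNG or JPEG image");
        }
        // The original filename (and any path or extension in it) is discarded entirely,
        // so the stored path cannot escape uploadDir or carry an executable extension.
        Path target = uploadDir.resolve(UUID.randomUUID() + "." + type);
        try (InputStream in = pictureFile.getInputStream()) {
            Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
        }
        return target.getFileName().toString();
    }
}
```

The upload directory should additionally be served (if at all) by a handler that sets a fixed image Content-Type and never executes or includes the stored files.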

Classification

CVE ID: CVE-2024-13210

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.1

Affected Products

Vendor: donglight

Product: bookstore电商书城系统说明

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (estimated probability of exploitation in the wild)

EPSS Percentile: 17.82% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-07 (date the score was calculated)

References

https://vuldb.com/?id.290815
https://vuldb.com/?ctiid.290815
https://vuldb.com/?submit.469686
https://github.com/donglight/bookstore/issues/10
https://github.com/donglight/bookstore/issues/10#issue-2760923048

Timeline