There is a serious arbitrary file upload vulnerability in the file upload operation of weixinCmsSiteController.
Because the file type is not checked, a malicious JSP script can be uploaded, and the URL of the file on the server is returned in the response. The uploaded file can then be used as a webshell.
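
The missing file type check described above could look like the following. This is an added example, not code from the project: the class name `UploadNameCheck`, the method `safeStoredName`, the allowlist contents and the sample filenames are all assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;

// Hypothetical helper (not part of the project): decides whether an uploaded
// file may be stored, and under which server-chosen name.
public class UploadNameCheck {
    // Assumed allowlist; restrict it to what the upload feature actually needs.
    private static final Set<String> ALLOWED = Set.of("jpg", "jpeg", "png", "gif");

    /** Returns a server-generated storage name if the client filename is acceptable, else empty. */
    static Optional<String> safeStoredName(String clientName) {
        if (clientName == null || clientName.indexOf('\0') >= 0) return Optional.empty();
        // Keep only the last path component, whichever separator the client sent.
        int sep = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String base = clientName.substring(sep + 1);
        // Some filesystems drop trailing dots/spaces ("x.jsp." is stored as "x.jsp"): reject.
        if (base.isEmpty() || base.endsWith(".") || base.endsWith(" ")) return Optional.empty();
        int dot = base.lastIndexOf('.');
        if (dot <= 0) return Optional.empty();            // no extension, or name is only an extension
        // Only the final extension counts, compared case-insensitively.
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) return Optional.empty();
        // Never reuse the client-supplied name on disk or in the returned URL.
        return Optional.of(UUID.randomUUID() + "." + ext);
    }

    public static void main(String[] args) {
        // Constructed sample filenames, not taken from the report.
        List<String> samples = List.of("logo.png", "photo.JPG", "page.jsp", "page.JSP",
                "page.jsp.", "a.png.jsp", "noext", "../../x.jspx", ".png");
        for (String s : samples) {
            System.out.println(s + " -> " + safeStoredName(s).orElse("REJECTED"));
        }
    }
}
```

An extension check does not inspect file content, so uploads should also be stored in a location the servlet container does not execute as JSP.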