| Vulnerability | JeeSpringCloud uploadFile.jsp file upload vulnerability |
|---|---|
| Chinese name | JeeSpringCloud uploadFile.jsp 文件上传漏洞 |
| CVSS core | 9.8 |
| FOFA Query (click to view the results directly) | app="JeeSpringCloud" |
| Number of assets affected | 282 |
| Description | JeeSpringCloud is a free and open source Java Internet cloud rapid development platform.JeeSpringCloud can upload any file by accessing /static/uploadify/uploadFile.jsp and specify the file upload path through the ?uploadPath parameter, causing the server to be controlled. |
| Impact | An attacker can use this vulnerability to write a backdoor on the server side, execute code, obtain server permissions, and then control the entire web server. |
