3 matches found
CVE-2018-18315
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter...
CVE-2018-18315
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter...
CVE-2018-18315
The CVE-2018-18315 entry concerns lemon 1.9.0. A vulnerability in com/mossle/cdn/CdnController.java involves the copyMultipartFileToFile method in CdnUtils, which only checks for a ../ substring and does not validate the file type or the spaceName parameter. This inadequate validation can allow a...