3 matches found
CVE-2026-3187
A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...
CVE-2026-3187 feiyuchuixue sz-boot-parent API Endpoint upload unrestricted upload
A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...
U.S. Dept Of Defense: Arbitrary file upload and stored XSS via ███ support request
Summary: A malicious user can upload files of any type when submitting a support request. Impact This would allow the attacker to upload malicious executable files as well as .html or .svg files which would allow the attacker to execute malicious code on behalf of the ████ customer support...