jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title	jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload
Type	cve
Published	2025-07-21T20:32:05.579Z
Modified	2025-07-21T20:32:05.579Z

Product Information

Vendor	jerryshensjf
Product	JPACookieShop 蛋糕商城JPA版
Version	1.0

CVSS Information

Base Score	5.3 (MEDIUM)
Attack Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Affected Products

jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0

Additional Information

CWE List	CWE-434, CWE-284
Source	VulDB

Description

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.

References

https://vuldb.com/?id.317076
https://vuldb.com/?ctiid.317076
https://vuldb.com/?submit.618986
https://github.com/Bemcliu/cve-reports/blob/main/cve-03-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Arbitrary%20File%20Upload/readme.md

View Full CVE Details