Arbitrary Code Execution and Privilege Escalation through Unrestricted File Upload in JEECG v4.0 and Earlier

CVE-2020-23083 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload".
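
For detection, requests to this component can be pulled out of web server access logs. The following is an added example, not code from JEECG or from this advisory; it assumes the common/combined access log format, and the sample log lines, IP addresses and the /jeecg context path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Component and action named in the advisory (compared case-insensitively).
COMPONENT = "jeecgformdemocontroller.do"
ACTION = "commonupload"

# Assumption: common/combined access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_upload_request(target):
    """True if the request target addresses the commonUpload action."""
    parts = urlsplit(target)
    # Decode the path and drop path parameters such as ;jsessionid=...
    last = unquote(parts.path).rsplit("/", 1)[-1].split(";", 1)[0].lower()
    if last != COMPONENT:
        return False
    # The action is a bare query key, so blank values must be kept.
    keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    return ACTION in keys

def find_upload_hits(lines):
    """Return (ip, timestamp, method, target, status) for each matching line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_upload_request(m["target"]):
            hits.append((m["ip"], m["ts"], m["method"], m["target"],
                         int(m["status"])))
    return hits

# Constructed sample input (not taken from a real system).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2021:10:01:02 +0000] "POST /jeecg/jeecgFormDemoController.do?commonUpload HTTP/1.1" 200 86',
    '198.51.100.4 - - [12/Mar/2021:10:01:05 +0000] "GET /jeecg/index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2021:10:02:11 +0000] "POST /jeecg/jeecgFormDemoController.do;jsessionid=ABC?commonUpload&x=1 HTTP/1.1" 200 90',
    '198.51.100.9 - - [12/Mar/2021:10:03:00 +0000] "POST /jeecg/jeecgFormDemoController.do?otherAction HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in find_upload_hits(SAMPLE):
        print(hit)
```

Hits with a 2xx status from clients that never authenticated are the ones to review first, since the CVSS vector lists PR:N.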
