CVE-2022-23315: Arbitrary file upload in Mingsoft MCMS

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.69676%
Published: 1/22/2022
Updated: 8/3/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: net.mingsoft:ms-mcms
Ecosystem: maven
Vulnerable Versions: <= 5.2.4
First Patched Version: (none listed)

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the template file write functionality demonstrated in the Gitee issue. The controller endpoint receives `fileName` and `fileContent` parameters, then writes to the filesystem without: 1) validating file extensions, 2) sanitizing path traversal sequences, or 3) restricting the write location to a safe directory. This matches the CWE-434 pattern, where user-controlled filenames are used directly in file operations. The reproduction evidence, which shows successful directory traversal via `../`, confirms the lack of path sanitization in the `write()` function.
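The three missing checks listed above, sketched as a hardened writer. This is an added Java example, not MCMS code and not part of the original advisory; the class name, the extension allowlist, and the base directory are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;

/** Hypothetical hardened template writer (added example, not MCMS code). */
public final class SafeTemplateWriter {
    // Assumption: templates are static markup; adjust the allowlist per deployment.
    private static final Set<String> ALLOWED_EXT = Set.of("htm", "html", "css", "js");
    private final Path baseDir;

    public SafeTemplateWriter(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // canonical root, symlinks resolved
    }

    public Path write(String fileName, String fileContent) throws IOException {
        if (fileName == null || fileContent == null || fileName.isEmpty()
                || fileName.indexOf('\0') >= 0) {
            throw new SecurityException("invalid request");
        }
        // Collapse "../" segments, then require the result to stay under baseDir.
        // An absolute fileName replaces baseDir in resolve() and fails this check too.
        Path target = baseDir.resolve(fileName).normalize();
        if (target.equals(baseDir) || !target.startsWith(baseDir)) {
            throw new SecurityException("path escapes template directory");
        }
        // Extension allowlist on the final segment blocks server-executable types.
        String leaf = target.getFileName().toString();
        int dot = leaf.lastIndexOf('.');
        String ext = dot < 0 ? "" : leaf.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new SecurityException("extension not allowed: " + ext);
        }
        // Re-check the real parent so a symlinked subdirectory cannot redirect the write.
        if (!target.getParent().toRealPath().startsWith(baseDir) || Files.isSymbolicLink(target)) {
            throw new SecurityException("symlink escapes template directory");
        }
        return Files.write(target, fileContent.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws IOException {
        SafeTemplateWriter w = new SafeTemplateWriter(Files.createTempDirectory("tpl"));
        System.out.println("wrote " + w.write("index.htm", "<h1>ok</h1>"));
        for (String bad : new String[] {"../../webapps/x.jsp", "page.jsp", "../x.htm"}) { // constructed inputs
            try { w.write(bad, "x"); } catch (SecurityException e) { System.out.println(bad + " -> " + e.getMessage()); }
        }
    }
}
```

`Path.startsWith` compares whole path elements, so a sibling directory whose name merely begins with the base directory's name does not pass the containment check.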


MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component `/ms/template/writeFileContent.do`.
