CVE-2022-31943: Unrestricted Upload of File with Dangerous Type in MCMS

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.57675%
Published: 7/2/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: net.mingsoft:ms-mcms
Ecosystem: maven
Vulnerable Versions: = 5.2.8
First Patched Version: (not listed)

Vulnerability Intelligence
Root Cause Analysis

The vulnerability chain combines two functions: 1) BaseFileAction's upload validation only blocks specific extensions while allowing ZIP files, and 2) TemplateAction's ZIP parser extracts files without re-validating contained JSPs. This allows attackers to bypass front-end filtering by packaging JSP webshells in ZIP archives. The GitHub issue #95 explicitly demonstrates this exploit flow through these components.
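The missing step described above is a second validation pass over the archive's contents before anything is extracted. The following is an added example, not MCMS code: the class name `TemplateZipValidator`, the extension allow-list and the `template` directory are assumptions, and the sample archive is constructed in memory.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;
import java.util.zip.*;

// Hypothetical helper (not part of MCMS): vet every ZIP entry before extraction.
public class TemplateZipValidator {
    // Assumed allow-list of static template assets; anything else fails closed.
    private static final Set<String> ALLOWED =
            Set.of("htm", "html", "css", "js", "png", "jpg", "gif");

    // Returns the entry names that must not be extracted; empty means acceptable.
    static List<String> rejectedEntries(InputStream in, Path targetDir) throws IOException {
        List<String> rejected = new ArrayList<>();
        Path root = targetDir.toAbsolutePath().normalize();
        try (ZipInputStream zip = new ZipInputStream(in)) {
            for (ZipEntry e; (e = zip.getNextEntry()) != null; ) {
                // Resolve against the target directory and normalize, so "../"
                // segments and absolute names are caught as leaving the root.
                Path dest = root.resolve(e.getName()).normalize();
                boolean escapes = !dest.startsWith(root);
                boolean badType = false;
                if (!e.isDirectory() && dest.getFileName() != null) {
                    // Check the extension of the final path component, case-insensitively.
                    String file = dest.getFileName().toString();
                    int dot = file.lastIndexOf('.');
                    String ext = dot < 0 ? "" : file.substring(dot + 1).toLowerCase(Locale.ROOT);
                    badType = !ALLOWED.contains(ext);
                }
                if (escapes || badType) rejected.add(e.getName());
            }
        }
        return rejected;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive: two ordinary assets and three entries to refuse.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(buf)) {
            for (String n : List.of("index.htm", "css/site.css", "page.jsp", "PAGE.JSP", "../outside.html")) {
                out.putNextEntry(new ZipEntry(n));
                out.write("placeholder".getBytes(StandardCharsets.UTF_8));
                out.closeEntry();
            }
        }
        InputStream upload = new ByteArrayInputStream(buf.toByteArray());
        System.out.println("rejected: " + rejectedEntries(upload, Paths.get("template")));
    }
}
```

Rejecting the whole upload when the returned list is non-empty, rather than skipping the flagged entries, keeps the extraction path simple and leaves an auditable record of the refused archive.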
