CVE-2018-18830 — Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms

Description

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.

How to fix CVE-2018-18830

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed

Is CVE-2018-18830 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 4.6.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYgithub.com/advisories/GHSA-c7c7-xm8g-xm36
ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-18830
PATCHgitee.com/mingSoft/MCMS
WEBgitee.com/mingSoft/MCMS/issues/IO0IQ