Devote

**Name of the Vulnerable Software and Affected Versions** MCMS version 4.6.5 **Description** An issue was discovered in the FileAction.java file, where the upload interface does not verify the user login status, allowing files to be uploaded without setting a cookie. This can be exploited by uploading JSP code with a .png filename, intercepting the data packet, and changing the suffix to jsp in the `name` parameter. The server then returns the storage path of the file, which can be accessed to execute arbitrary JSP code. **Recommendations** For MCMS version 4.6.5, as a temporary workaround, consider restricting access to the upload interface until a patch is available. Additionally, restrict access to the FileAction.java file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCMS version 4.6.5 **Description** An issue was discovered in the GeneraterAction.java file, allowing an attacker to write a .jsp file to an arbitrary directory via a Directory Traversal in the `url` parameter, using the `position` parameter. **Recommendations** For MCMS version 4.6.5, consider restricting access to the GeneraterAction.java file to minimize the risk of exploitation. As a temporary workaround, avoid using the `url` parameter with untrusted input until a patch is available.