PT-2021-11276 · Objectplanet · Objectplanet Opinio

Published: 2021-07-31 · Updated: 2021-08-09 · CVE-2020-26806

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ObjectPlanet Opinio versions prior to 7.15
Description: The issue allows unrestricted file upload of executable JSP files, resulting in remote code execution. The filePath parameter is not protected against directory traversal, so the upload can be written outside the intended directory, and the fileContent parameter can contain valid JSP code that the server will execute. The vulnerability is exploited through the "admin/file.do" endpoint.
Recommendations: For versions prior to 7.15, update to version 7.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/file.do" endpoint to minimize the risk of exploitation. Additionally, validate the filePath and fileContent parameters server-side so that uploads cannot traverse out of the intended directory and cannot produce files the server will execute as JSP.
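As an added illustration, not Opinio's own code, the two server-side checks the recommendation describes for a client-supplied filePath: the destination must stay inside an upload root (assumed here as a placeholder path) and must not carry a server-executable JSP extension.

```python
import posixpath
from typing import Optional

# Assumed storage root for uploaded files (placeholder, not a real Opinio path)
UPLOAD_ROOT = "/var/opinio/uploads"
# Extensions the servlet container would execute rather than serve as data
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx", ".jspf"}


def resolve_upload_path(file_path: str, root: str = UPLOAD_ROOT) -> Optional[str]:
    """Return the absolute destination for a client-supplied filePath, or None
    when the path escapes the root, names the root itself, or would create a
    file the server executes as JSP."""
    # Reject embedded NUL bytes and absolute paths outright
    if "\x00" in file_path or file_path.startswith(("/", "\\")):
        return None
    # Normalize separators and collapse "." and ".." components
    normalized = posixpath.normpath(file_path.replace("\\", "/"))
    if normalized == ".." or normalized.startswith(("../", "/")):
        return None
    # Block executable extensions, case-insensitively (covers "x.txt.JSP")
    if posixpath.splitext(normalized)[1].lower() in EXECUTABLE_EXTENSIONS:
        return None
    candidate = posixpath.normpath(posixpath.join(root, normalized))
    # Final containment check: the result must be a file strictly below root
    if not candidate.startswith(root.rstrip("/") + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: a normal upload and three that must be refused
    for p in ["reports/q1.csv", "../../outside/page.jsp", "notes.JSP", "a/../../b.txt"]:
        print(repr(p), "->", resolve_upload_path(p))
```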

Exploit · Fix · Path traversal


Weakness Enumeration

Related Identifiers: CVE-2020-26806

Affected Products: Objectplanet Opinio