CVE-2025-3842— panhainan DS-Java FileUpload.java uploadUserPic.action code injection

panhainan DS-Java FileUpload.java uploadUserPic.action code injection

A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

对生成代码的控制不恰当(代码注入)

DS-Java 注入漏洞

DS-Java是sixteen个人开发者的一个基于SSH（Struts2+Spring+Hibernate）搭建的论坛系统。 DS-Java 1.0版本存在注入漏洞，该漏洞源于文件src/com/phn/action/FileUpload.java中uploadUserPic.action函数对fileUpload参数的操作导致代码注入。

N/A

N/A