Key Information

0x01 Vulnerability Overview

Vulnerability Name: LiveBOS UploadFile.do Arbitrary File Upload

Affected Scope: LiveBOS software versions up to LiveBOS <= 3.9.0

Vulnerability Description: LiveBOS is an Object Business Architecture (OBA) middleware and integrated development tool developed by a certain software technology company. The UploadFile.do interface in LiveBOS contains an arbitrary file upload vulnerability. Unauthenticated attackers can exploit this vulnerability to write files on the server, gain server privileges, and execute code across the entire web service system.

0x02 Vulnerability Reproduction

Test Environment:
- Burp Suite used for packet capture and request modification.
- Screenshot of an online consultation platform showing the LiveBOS login interface.

Reproduction Steps:

Related Links
- LiveBOS UploadFile.do Arbitrary File Upload Vulnerability Discovery (XVL-2021-2170)
- LiveBOS ShowImage.do File Inclusion Leading to XSS via HTML Tags
- LiveBOS Documentation Center

`UploadFile.do` interface of LiveBOS software, including its impact scope, reproduction steps, and related links, assisting security researchers and developers in understanding and remediating the vulnerability.
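
For defenders checking whether the UploadFile.do interface described above has been hit, the following added example (not code from the original page or from LiveBOS) scans web access logs for POST requests to that interface and groups them by client. It assumes the common/combined access log format; the `/app/` prefix, IP addresses and log lines are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "uploadfile.do"  # interface named in the advisory


def hits_endpoint(target: str) -> bool:
    """True if the final path segment of the request target is UploadFile.do."""
    path = unquote(target.split("?", 1)[0])   # drop query, decode %XX
    last = path.rsplit("/", 1)[-1]
    last = last.split(";", 1)[0]              # drop ;jsessionid=... parameters
    return last.lower() == ENDPOINT           # tolerate case variations


def find_upload_posts(lines):
    """Return {client: [(timestamp, status), ...]} for POSTs to UploadFile.do."""
    found = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and hits_endpoint(m["target"]):
            found[m["client"]].append((m["ts"], int(m["status"])))
    return dict(found)


# Constructed sample lines (documentation IP ranges, hypothetical /app/ prefix).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "POST /app/UploadFile.do HTTP/1.1" 200 153 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "POST /app/uploadfile.do;jsessionid=AB12?x=1 HTTP/1.1" 200 150 "-" "curl/8.0"',
    '203.0.113.20 - - [12/Mar/2024:10:02:00 +0000] "GET /app/UploadFile.do HTTP/1.1" 405 0 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [12/Mar/2024:10:02:30 +0000] "POST /app/%55ploadFile.do HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [12/Mar/2024:10:03:00 +0000] "POST /app/Login.do HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, events in find_upload_posts(SAMPLE).items():
        print(client, events)
```

Successful (2xx) POSTs from clients that never loaded the login page are the entries to review first, along with any files created in the web root around the same timestamps.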