## JeeSpringCloud uploadFile.jsp file upload vulnerability

|   **Vulnerability**  | 	JeeSpringCloud uploadFile.jsp file upload vulnerability  |
| :----:   | :-----|
|  **Chinese name**  | 	JeeSpringCloud uploadFile.jsp 文件上传漏洞 |
| **CVSS core**  | 	9.8 |
| **FOFA Query**  (click to view the results directly)| [app="JeeSpringCloud"](https://en.fofa.info/result?qbase64=Ym9keT0iL2plZVNwcmluZ1N0YXRpYy9wbHVncy9qcXVlcnkvanF1ZXJ5IiB8fCBoZWFkZXI9ImNvbS5qZWVzcHJpbmcuc2Vzc2lvbi5pZCIgfHwgaGVhZGVyPSJjb20uamVlc3ByaW5nLnNlc3Npb24uaWQi)|
| **Number of assets affected**  | 	282 |
| **Description**  | 	JeeSpringCloud is a free and open source Java Internet cloud rapid development platform.JeeSpringCloud can upload any file by accessing /static/uploadify/uploadFile.jsp and specify the file upload path through the ?uploadPath parameter, causing the server to be controlled. |
| **Impact** | 	An attacker can use this vulnerability to write a backdoor on the server side, execute code, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/10/12/800e0ccfe95d6cbb.gif)