A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system.
This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
CVE Link
Exploit Type - Old
Exploits/Remote
Exploit Platform
Product Name