CVE-2022-29001

7.2 HIGH

📋 TL;DR

SpringBootMovie versions 1.2 and earlier contain an arbitrary file upload vulnerability due to insufficient filtering of uploaded file suffixes. This allows attackers to upload malicious files to the server, potentially leading to remote code execution. Any system running the vulnerable SpringBootMovie application is affected.

💻 Affected Systems

Products:
  • SpringBootMovie
Versions: <= 1.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with file upload functionality enabled are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, or ransomware deployment.

🟠 Likely Case

Webshell upload enabling persistent backdoor access, file system manipulation, and lateral movement.

🟢 If Mitigated

File uploads restricted to safe extensions only, preventing malicious file execution.

🌐 Internet-Facing: HIGH - Internet-facing applications are directly exposed to exploitation attempts.
🏢 Internal Only: MEDIUM - Internal systems could be exploited by authenticated users or through other attack vectors.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST requests with malicious file uploads can exploit this vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch exists. If a patched version becomes available, upgrade to it; otherwise implement the workarounds.

🔧 Temporary Workarounds

Implement file extension validation

all

Add server-side validation to only allow specific safe file extensions (e.g., .jpg, .png, .pdf).

Modify SpringBootMovie source code to include file extension whitelisting in upload handlers.

Implement file content validation

all

Check file magic numbers or content types to ensure uploaded files match their extensions.

Add file signature validation in upload processing code.
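The two workarounds above can be combined into one server-side check. This is an added example, not SpringBootMovie code: the class `UploadValidator` and method `check` are hypothetical names, and the allowlist uses the example extensions from this page.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;

public class UploadValidator {
    // Allowlist (assumed): extension -> bytes the file content must start with.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "pdf", "%PDF-".getBytes(StandardCharsets.US_ASCII));

    /** Returns the normalized extension if both checks pass, otherwise null. */
    public static String check(String filename, byte[] content) {
        if (filename == null || content == null) return null;
        // Reject path components and NUL bytes outright instead of cleaning them.
        if (filename.contains("/") || filename.contains("\\")
                || filename.indexOf('\0') >= 0) return null;
        // Only the final suffix counts, so "a.png.jsp" is judged as "jsp".
        int dot = filename.lastIndexOf('.');
        if (dot <= 0 || dot == filename.length() - 1) return null;
        String ext = filename.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null) return null;                 // suffix not on the allowlist
        if (content.length < magic.length) return null; // too short to hold the signature
        // The content must carry the signature that belongs to its own suffix.
        boolean matches = Arrays.equals(Arrays.copyOf(content, magic.length), magic);
        return matches ? ext : null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a PNG header and a JSP page body.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0};
        byte[] jsp = "<%@ page %>".getBytes(StandardCharsets.US_ASCII);
        String[] names = {"poster.PNG", "poster.jsp", "poster.png.jsp", "../poster.png"};
        for (String name : names) {
            System.out.println(name + " with PNG bytes -> " + check(name, png));
        }
        // Allowed suffix whose content does not match its signature.
        System.out.println("poster.png with JSP bytes -> " + check("poster.png", jsp));
    }
}
```

A signature check only inspects the leading bytes, so store accepted files under a server-generated name built from the returned extension, in a directory the server does not execute from.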

🧯 If You Can't Patch

  • Disable file upload functionality entirely in the application.
  • Implement a Web Application Firewall (WAF) with rules to block malicious file uploads.

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a file with a malicious extension (e.g., .jsp, .php) to the application's upload endpoint.

Check Version:

Check application configuration or source code for version information.

Verify Fix Applied:

Test that malicious file extensions are rejected and only allowed extensions are accepted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with executable extensions
  • Multiple failed upload attempts
  • Successful uploads of non-standard file types

Network Indicators:

  • HTTP POST requests to upload endpoints with suspicious file names
  • Traffic patterns indicating file upload exploitation

SIEM Query:

source="web_server" AND (url="*/upload*" AND (file_extension="jsp" OR file_extension="php" OR file_extension="exe"))
