CVE-2024-50648

9.8 CRITICAL

📋 TL;DR

yshopmall V1.0 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files, potentially leading to remote code execution (RCE) and server takeover if the server is configured to parse JSP files. This affects all users running yshopmall V1.0 without proper security controls.

💻 Affected Systems

Products:
  • yshopmall
Versions: V1.0
Operating Systems: Any OS running yshopmall
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires file upload functionality and server configuration that allows JSP file execution.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise with administrative access, data exfiltration, and potential lateral movement within the network.

🟠 Likely Case: Remote code execution leading to web shell installation, data manipulation, and further exploitation of the server.

🟢 If Mitigated: File uploads blocked or properly validated, limiting impact to denial of service or unauthorized file storage.

🌐 Internet-Facing: HIGH - Web applications with file upload functionality exposed to the internet are prime targets for exploitation.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict File Upload Types

Configure the application or web server to accept only an allowlist of safe file extensions and reject JSP/JSPX files.

# Enforce in the upload handler (server-side allowlist on the stored filename) or in application security settings
# Example: a web.xml <security-constraint> with <url-pattern>*.jsp</url-pattern> additionally blocks serving JSP files, but does not by itself stop the upload

Disable JSP Execution

Configure the application server so that JSP files placed in upload directories are never compiled or executed.

# In Tomcat: add a <security-constraint> to web.xml covering the upload directory
# Example: <url-pattern>/uploads/*</url-pattern> with an empty <auth-constraint/>, which denies every request to that path

🧯 If You Can't Patch

  • Implement strict file type validation and whitelist allowed extensions
  • Store uploaded files outside web root or in non-executable directories

🔍 How to Verify

Check if Vulnerable:

Test if you can upload a JSP file to the application and access it via URL. Check application version in admin panel or configuration files.

Check Version:

# Check application version in admin interface or configuration files
# Look for version information in web.xml, pom.xml, or application.properties

Verify Fix Applied:

Attempt to upload a JSP file - it should be rejected or stored in a non-executable location. Verify file upload restrictions are in place.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with JSP/JSPX extensions
  • Multiple failed upload attempts followed by successful JSP upload
  • Access to uploaded JSP files in web logs

Network Indicators:

  • POST requests to file upload endpoints with JSP content
  • Subsequent GET requests to uploaded JSP files

SIEM Query:

source="web_logs" AND (uri="/upload" OR uri="/file/upload") AND (extension="jsp" OR extension="jspx")
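The log and network indicators above, as an added example that is not part of this advisory or of yshopmall: a small correlation script over constructed access-log lines that flags a JSP/JSPX filename sent to one of the upload endpoints from the SIEM query, a JSP file served from the upload directory, and the sequence of both from one client. The /uploads/ directory and the filename appearing in the query string are assumptions; most deployments carry the filename only in the multipart body, so the application's own upload log is the better source for the first rule.

```python
import re
from typing import Dict, List

# Upload endpoints from the SIEM query; the upload directory is an assumption.
UPLOAD_ENDPOINTS = ("/upload", "/file/upload")
UPLOAD_DIR = "/uploads/"
JSP_EXTENSIONS = (".jsp", ".jspx")

# Combined access-log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "POST /file/upload?name=logo.png HTTP/1.1" 200 152
10.0.0.9 - - [01/Jan/2025:10:01:10 +0000] "POST /file/upload?name=upload1.jsp HTTP/1.1" 200 152
10.0.0.9 - - [01/Jan/2025:10:01:12 +0000] "GET /uploads/upload1.jsp HTTP/1.1" 200 2048
10.0.0.7 - - [01/Jan/2025:10:02:00 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 9001
10.0.0.3 - - [01/Jan/2025:10:03:00 +0000] "GET /uploads/old.jspx HTTP/1.1" 200 512
10.0.0.3 - - [01/Jan/2025:10:03:05 +0000] "GET /uploads/missing.jsp HTTP/1.1" 404 0
"""

def has_jsp_extension(path: str) -> bool:
    """True if the path, query string stripped, ends in .jsp or .jspx (case-insensitive)."""
    return path.split("?", 1)[0].lower().endswith(JSP_EXTENSIONS)

def query_names_jsp_file(query: str) -> bool:
    """True if any key or value in the query string looks like a JSP/JSPX filename."""
    return any(has_jsp_extension(part) for part in re.split(r"[&=]", query) if part)

def detect_jsp_upload_activity(log_text: str) -> List[Dict[str, str]]:
    """One alert per suspicious request; 'upload_then_execute' means the same client
    uploaded a JSP-named file and then fetched a JSP from the upload directory."""
    alerts: List[Dict[str, str]] = []
    uploaders = set()  # clients that sent a JSP-named file to an upload endpoint
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.group("ip", "method", "target", "status")
        path, _, query = target.partition("?")
        if method == "POST" and path in UPLOAD_ENDPOINTS and query_names_jsp_file(query):
            alerts.append({"ip": ip, "rule": "jsp_upload", "target": target})
            uploaders.add(ip)
        elif (method == "GET" and status == "200"
              and path.startswith(UPLOAD_DIR) and has_jsp_extension(path)):
            rule = "upload_then_execute" if ip in uploaders else "jsp_served"
            alerts.append({"ip": ip, "rule": rule, "target": target})
    return alerts
```

A 404 on a JSP path is deliberately ignored here so that probes for files that were never stored do not drown out the successful case; lower the status filter if you want to see the probing too.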
