CVE-2008-1230
published 2008-03-10


Priority: P258 | Severity: critical | CVSS 2.0: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.41% (90.1th percentile)
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."

Affected

3 ranges
Vendor    Product    Version range    Fixed in
jspwiki   jspwiki
jspwiki   jspwiki
jspwiki   jspwiki

Detection & IOCs (extracted from sources)

url: http://server/JSPWikiPath/Edit.jsp?page=Main&editor=../../../rss
url: http://server/JSPWikiPath/Edit.jsp?page=User&editor=../../../Install
url: http://server/JSPWikiPath/Edit.jsp?page=User&editor=../../../admin/SecurityConfig
url: http://server/JSPWikiPath/Edit.jsp?page=Main&editor=%3Cscript%3Ealert(document.cookie)%3C/script%3E
path: /Edit.jsp
path: /admin/SecurityConfig
  • Detect path traversal attempts in the 'editor' parameter of Edit.jsp — sequences of '../../../' targeting .jsp files indicate local file inclusion exploitation.
  • Monitor HTTP requests to Edit.jsp where the 'editor' parameter contains directory traversal sequences (e.g., '../') combined with known sensitive paths such as 'Install' or 'admin/SecurityConfig'.
  • Alert on file upload requests to JSPWiki attachment endpoints where the uploaded file has a .jsp extension, indicating attempted webshell/malicious JSP upload.
  • Detect XSS attempts via URL-encoded script tags in the 'editor' parameter of Edit.jsp (e.g., %3Cscript%3E patterns).
  • The file inclusion vulnerability requires the 'page' parameter to reference an existing page on the server; exploitation is conditional on valid page enumeration.
  • The unrestricted file upload attack chain is facilitated by information disclosed via the Install.jsp inclusion (full path, storage path, log/work directories), meaning the LFI vector is a prerequisite for reliable .jsp upload exploitation.
  • Versions of JSPWiki earlier than the tested 2.4.104 and 2.5.139 may also be affected and should be considered in scope for detection.
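
The Edit.jsp 'editor' parameter checks from the bullets above, run over web access-log lines, as an added example (not from the original page or the JSPWiki project). The "/wiki" context path, the finding labels and the log lines are constructed assumptions; the .jsp attachment upload check is not covered here, since uploaded filenames travel in the request body and do not appear in access logs.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(?:^|/)\.\.(?:/|$)')
SCRIPT_RE = re.compile(r'<\s*script', re.IGNORECASE)
SENSITIVE_TARGETS = {"install", "admin/securityconfig"}  # named in the bullets above

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e%252f) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the list of findings for one access-log line ([] if clean)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Drop any ";jsessionid=..." path parameter before comparing the path.
    if not url.path.split(";")[0].lower().endswith("/edit.jsp"):
        return []
    findings = []
    for raw in parse_qs(url.query, keep_blank_values=True).get("editor", []):
        editor = decode_fully(raw).replace("\\", "/")
        if TRAVERSAL_RE.search(editor):
            findings.append("traversal")
            target = re.sub(r"\.jsp$", "", editor.rsplit("../", 1)[-1].lower())
            if target in SENSITIVE_TARGETS:
                findings.append("sensitive-target")
        if SCRIPT_RE.search(editor):
            findings.append("script-tag")
    return findings

# Constructed sample lines (not real traffic); "/wiki" is an assumed context path.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2008:10:00:01 +0000] "GET /wiki/Edit.jsp?page=Main&editor=plain HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Mar/2008:10:00:02 +0000] "GET /wiki/Edit.jsp?page=Main&editor=../../../rss HTTP/1.1" 200 811',
    '192.0.2.11 - - [10/Mar/2008:10:00:03 +0000] "GET /wiki/Edit.jsp;jsessionid=ABC?page=User&editor=..%2F..%2F..%2Fadmin%2FSecurityConfig HTTP/1.1" 200 9021',
    '192.0.2.11 - - [10/Mar/2008:10:00:04 +0000] "GET /wiki/Edit.jsp?page=User&editor=%252e%252e%252f%252e%252e%252fInstall HTTP/1.1" 200 7004',
    '192.0.2.12 - - [10/Mar/2008:10:00:05 +0000] "GET /wiki/Edit.jsp?page=Main&editor=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4300',
    '192.0.2.13 - - [10/Mar/2008:10:00:06 +0000] "GET /wiki/Wiki.jsp?page=Main&editor=../../x HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), line.split('"')[1])
```
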