Chengdu Flash Flood Disaster Monitoring and Warning System upload.aspx unrestricted upload
Description
A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. This vulnerability affects unknown code of the file /App_Resource/UEditor/server/upload.aspx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235066 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 suffers from an arbitrary file upload vulnerability via /App_Resource/UEditor/server/upload.aspx, allowing attackers to gain server access without authentication.
Vulnerability
The Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0 contains a critical unrestricted file upload vulnerability in the endpoint /App_Resource/UEditor/server/upload.aspx. The application fails to validate the file type or content, allowing an attacker to upload arbitrary files, including ASPX web shells. No authentication is required to reach this endpoint [1].
Exploitation
An attacker can exploit this vulnerability by sending a multipart HTTP POST request to the vulnerable endpoint with a malicious file (e.g., 1.aspx) disguised as an image by setting the Content-Type to image/jpeg. The provided proof-of-concept (POC) demonstrates uploading an ASPX payload that decrypts and executes arbitrary code via Rijndael decryption [1]. The exploit requires only network access to the system; no prior authentication or user interaction is needed.
Impact
Successful exploitation allows an attacker to upload and execute arbitrary code on the server with the privileges of the web application. This typically leads to full compromise of the web server, including the ability to read, modify, or delete data, install additional malware, or pivot to internal networks [1].
Mitigation
As of publication, the vendor has not responded to the disclosure and no official patch or update has been released [1]. System administrators should consider restricting access to the /App_Resource/UEditor/server/upload.aspx endpoint via firewall or web server configuration, disabling file upload functionality if possible, and monitoring for suspicious upload activity until a fix is provided.
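One way to monitor for the upload activity mentioned above, as an added example (not part of the advisory or the vendor's code): a Python pass over IIS W3C logs that flags POSTs to the endpoint and later requests by the same client for `.aspx` pages that were not being served before the upload. The sample log lines, their IP addresses and the `/upload/example/` storage path are constructed placeholders.

```python
# Endpoint named in the advisory; IIS paths are case-insensitive, so compare lower-cased.
ENDPOINT = "/app_resource/ueditor/server/upload.aspx"

# Constructed sample log (documentation IP ranges; the stored-file path is a placeholder).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2023-07-20 02:11:03 198.51.100.7 GET /Default.aspx 200
2023-07-20 02:14:40 192.0.2.10 POST /App_Resource/UEditor/server/upload.aspx 200
2023-07-20 02:14:52 192.0.2.10 GET /upload/example/1.aspx 200
2023-07-20 02:15:30 192.0.2.10 GET /Default.aspx 200
""".splitlines()


def parse_w3c(lines):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def find_upload_activity(lines):
    """Return (uploads, follow_ups): POSTs to the endpoint, and later successful
    requests by an uploading client for .aspx paths not seen before the upload."""
    uploads, follow_ups = [], []
    uploaders, known_pages = set(), set()
    for req in parse_w3c(lines):
        stem = req.get("cs-uri-stem", "").lower()
        client = req.get("c-ip", "")
        if req.get("cs-method") == "POST" and stem == ENDPOINT:
            uploads.append(req)
            uploaders.add(client)
        elif stem.endswith(".aspx") and req.get("sc-status") == "200":
            if not uploads:
                known_pages.add(stem)  # baseline of pages served before any upload
            elif client in uploaders and stem not in known_pages:
                follow_ups.append(req)
    return uploads, follow_ups


if __name__ == "__main__":
    ups, hits = find_upload_activity(SAMPLE_LOG)
    for req in ups + hits:
        print(req["date"], req["time"], req["c-ip"], req["cs-method"], req["cs-uri-stem"])
```

The baseline only covers pages seen earlier in the same log, so treat follow-up hits as triage leads and confirm them against the files actually present on disk.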
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Chengdu/Flash Flood Disaster Monitoring and Warning System | v5 | Range: 2.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing file type validation in the upload handler allows arbitrary ASPX file upload."
Attack vector
An unauthenticated attacker sends a POST request to `/App_Resource/UEditor/server/upload.aspx` with a multipart/form-data body containing a `file` field [ref_id=1]. The attacker sets the filename to `1.aspx` and the Content-Type to `image/jpeg`, but the actual payload is ASP.NET WebShell code [ref_id=1]. The server accepts the file without checking the extension or content, allowing arbitrary ASPX file upload [ref_id=1]. This gives the attacker remote code execution on the web server with no prior authentication required.
Affected code
The vulnerable endpoint is `/App_Resource/UEditor/server/upload.aspx`, which is part of the Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 [ref_id=1]. The file is an upload handler that accepts a `file` parameter via multipart/form-data POST requests [ref_id=1]. No server-side validation of the uploaded file's extension or content is present in the described code path.
What the fix does
No patch or vendor response is available for this vulnerability [ref_id=1]. The advisory notes that the vendor was contacted early but did not respond [ref_id=1]. To remediate, the upload handler must validate file extensions against a whitelist (e.g., only allow image extensions like `.jpg`, `.png`), verify the actual file content matches the declared MIME type, and store uploaded files outside the web root or in a directory that does not execute server-side scripts.
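The checks listed above, as an added example written in Python to show the logic (it is not the product's ASP.NET code, which the page does not include). The function names, the allowlist contents and the sample bodies are assumptions made for illustration; the rejected request mirrors the shape described in the advisory, with a harmless constructed body.

```python
import os
import uuid

# Allowlist: extension -> (expected MIME type, leading magic bytes).
ALLOWED = {
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".gif": ("image/gif", b"GIF8"),
}

# Constructed stand-in for a non-image body sent with Content-Type: image/jpeg.
POC_SHAPED_BODY = b'<%@ Page Language="C#" %>'


class UploadRejected(Exception):
    pass


def validate_upload(filename, declared_type, data):
    """Return a server-chosen storage name, or raise UploadRejected."""
    # Discard any client-supplied directory part (either separator).
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots/spaces and ':' selects an NTFS stream, so
    # "1.aspx." or "1.aspx::$DATA" would still land on disk as 1.aspx.
    if base != base.rstrip(". ") or ":" in base or "\x00" in base:
        raise UploadRejected("suspicious file name")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed: %r" % ext)
    mime, magic = ALLOWED[ext]
    # The declared type is attacker-controlled: require it to agree with the
    # extension, then check the bytes themselves.
    if declared_type.split(";")[0].strip().lower() != mime:
        raise UploadRejected("declared type does not match extension")
    if not data.startswith(magic):
        raise UploadRejected("content is not " + mime)
    # Never reuse the client's name on disk.
    return uuid.uuid4().hex + ext


def verdict(filename, declared_type, data):
    try:
        return "stored as " + validate_upload(filename, declared_type, data)
    except UploadRejected as exc:
        return "rejected: " + str(exc)
```

A magic-byte check does not stop a valid image that carries script text after its header, so the returned name should still be written to a directory outside the web root or one with script execution disabled.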
Preconditions
- auth: No authentication required; the endpoint is publicly accessible
- network: Attacker must be able to send HTTP POST requests to the target server
- config: The server must have the vulnerable upload.aspx handler exposed
Reproduction
Send the following POST request to the target server, replacing `Host` with the target's address:
```
POST /App_Resource/UEditor/server/upload.aspx HTTP/1.1
Host: xx.xx.xx.xx
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryJa5U4zOAfmJDcYxj
Content-Length: 541

------WebKitFormBoundaryJa5U4zOAfmJDcYxj
Content-Disposition: form-data; name="file"; filename="1.aspx"
Content-Type: image/jpeg

[ASPX WebShell payload]
------WebKitFormBoundaryJa5U4zOAfmJDcYxj--
```
The ASPX WebShell payload from the PoC is a Rijndael-encrypted eval stub [ref_id=1]. After upload, access the uploaded `1.aspx` file in the web root to execute commands.
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/RCEraser/cve/blob/main/wanjiang.md (mitre, exploit)
- vuldb.com (mitre, signature, permissions-required)
- vuldb.com (mitre, vdb-entry, technical-description)