[CVE-2017-5869] Nuxeo Platform remote code execution

Posted by Sydream Labs on Mar 24

# Description

Nuxeo Platform is an enterprise content management system (CMS).
It embeds an Apache Tomcat server, and can be managed through a web
interface.

One of its features allows authenticated users to import files to the
platform.
By crafting the upload request with a specific “X-File-Name” header,
one can successfully upload a file to an arbitrary location on the server
file system.

It is then possible to upload a JSP script to…
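
A server-side check against this class of bug, as an added example (not Nuxeo's code or its patch): the header value is treated as an untrusted bare file name, and the resolved path must stay inside the upload directory. The class name, method name and sample header values are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class SafeUploadPath {

    /**
     * Resolve a client-supplied file name (such as an X-File-Name header value)
     * inside uploadRoot. Hypothetical helper: throws if the value is not a bare
     * file name or if the result would land outside uploadRoot.
     */
    static Path resolveUpload(Path uploadRoot, String headerValue) throws IOException {
        if (headerValue == null || headerValue.isEmpty()
                || headerValue.indexOf('\0') >= 0
                || headerValue.indexOf('/') >= 0
                || headerValue.indexOf('\\') >= 0
                || headerValue.equals(".") || headerValue.equals("..")) {
            throw new IOException("file name must be a bare name without separators");
        }
        Path root = uploadRoot.toRealPath(); // resolves symlinks; directory must exist
        Path target;
        try {
            target = root.resolve(headerValue).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("invalid file name", e);
        }
        // Defence in depth: the final path must be a strict child of the root.
        if (target.equals(root) || !target.startsWith(root)) {
            throw new IOException("file name escapes the upload directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("uploads"); // constructed test directory
        // Constructed sample header values, not taken from the advisory.
        String[] samples = { "report.pdf", "../../outside.txt", "/tmp/outside.txt",
                             "..", "sub\\..\\..\\outside.txt" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveUpload(root, s));
            } catch (IOException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first sample is accepted; every value containing a separator or a parent reference is rejected before any file is written.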
