The original post: /r/netsec by /u/Straight-Zombie-646 on 2025-04-30 09:23:05.

MagicINFO exposes an endpoint with several flaws that, when combined, allow an unauthenticated attacker to upload a JSP file and execute arbitrary server-side code.