إرسال #516292: www.digiwin.com digiwin ERP system v5.1.3 Unauthenticated File Upload Leading to Remote Code Executionالمعلومات

عنوانwww.digiwin.com digiwin ERP system v5.1.3 Unauthenticated File Upload Leading to Remote Code Execution
الوصفA critical vulnerability has been identified in the Digiwin ERP system, specifically in the file upload functionality of the DoWebUpload method. This vulnerability allows unauthenticated users to upload arbitrary files, potentially leading to remote code execution and complete server compromise.
المصدر⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_4.md
المستخدم
 XU NIE (UID 82414)
ارسال07/03/2025 04:33 PM (1 سنة منذ)
الاعتدال24/03/2025 12:19 PM (17 days later)
الحالةمكرر
إدخال VulDB300726 [Digiwin ERP 5.1 /Api/FileUploadApi.ashx DoUpload/DoWebUpload ملف تجاوز الصلاحيات]
النقاط0

Do you know our Splunk app?

Download it now for free!