إرسال #516293: www.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to resultالمعلومات

عنوانwww.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to result
الوصفA file upload vulnerability has been discovered in the Digiwin ERP system that does not require authentication. This flaw permits attackers to upload arbitrary files, including potentially harmful ASPX files, which can result in remote code execution and total server compromise.
المصدر⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_5.md
المستخدم
 XU NIE (UID 82414)
ارسال07/03/2025 04:35 PM (1 سنة منذ)
الاعتدال24/03/2025 12:19 PM (17 days later)
الحالةتمت الموافقة
إدخال VulDB300727 [Digiwin ERP 5.0.1 UploadAjaxAPI.ashx ملف تجاوز الصلاحيات]
النقاط17

Do you know our Splunk app?

Download it now for free!