| عنوان | Tiandy Technologies Co., Ltd. Integrated Management Platform 7.17.0 Unrestricted Upload of File with Dangerous Type |
|---|
| الوصف | A critical vulnerability exists in the /SetWebpagePic.jsp endpoint of the target system. The application fails to perform identity authentication for the caller and lacks proper sanitization or path validation for the targetPath and Suffix parameters.
An unauthenticated remote attacker can exploit this flaw by sending a specially crafted multipart/form-data POST request. This allows the attacker to write arbitrary JSP files into sensitive directories within the Web root. Successfully uploaded files can then be accessed via a URL, leading to Remote Code Execution (RCE) under the context of the Web service, eventually granting the attacker full control over the compromised server. |
|---|
| المصدر | ⚠️ https://my.feishu.cn/docx/EA9HdaXaQo80yTxKdw0c3UDmnmD?from=from_copylink |
|---|
| المستخدم | 0menc (UID 75423) |
|---|
| ارسال | 03/03/2026 09:18 AM (3 أشهر منذ) |
|---|
| الاعتدال | 15/03/2026 05:30 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 351144 [Technologies Integrated Management Platform 7.17.0 /SetWebpagePic.jsp targetPath/Suffix تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|