| عنوان | Hanwang Technology Co., Ltd. Hanwang e-Face General Management Platform V6.3.5.4 Remote Code Execution (RCE) |
|---|
| الوصف | A critical vulnerability was found in Hanwang Technology Co., Ltd. e-Face (e-Liantong) General Management Platform. It affects an unknown function of the file /manage/resourceUpload/upload.do. The manipulation leads to unauthenticated arbitrary file upload.
An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted malicious request to upload an executable web shell. Due to the lack of proper input validation and authorization checks, the attacker can achieve arbitrary remote code execution (RCE) and gain full control over the underlying server operating system. |
|---|
| المصدر | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/SrO0wcxd9i6ByukOizGcIgpBnRd |
|---|
| المستخدم | bigbrother_man (UID 96003) |
|---|
| ارسال | 29/05/2026 11:23 AM (1 شهر منذ) |
|---|
| الاعتدال | 28/06/2026 01:00 PM (1 month later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 374555 [Hanwang e-Face General Management Platform 6.3.5.4 upload.do ملف تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|