CVE-2025-2705 in ERPinformación

Resumen

por MITRE • 2025-03-24

A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsable

VulDB

Divulgación

2025-03-24

Moderación

aceptado

Artículo

VDB-300726

CPE

listo

Explotación

Descargar

EPSS

0.00431

KEV

no

Actividades

muy bajo

Fuentes

Might our Artificial Intelligence support you?

Check our Alexa App!