Soumettre #815455: Acrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 Unrestricted File Uploadinformation

Titre	Acrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 Unrestricted File Upload
Description	A Critical vulnerability exists in the Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform. The /SubstationWEBV2/app/..;/main/upfile interface fails to perform proper Identity Authentication and File Validation. By leveraging a URL normalization bypass (..;) and Directory Traversal in the path parameter, an unauthenticated remote attacker can upload arbitrary malicious files (such as .jsp webshells) to any sensitive directory within the web root. This lead to a complete system compromise and Remote Code Execution (RCE) under the privileges of the web service user.
La source	⚠️ https://ucn9h68n9289.feishu.cn/wiki/FC6swHuyqiLVyfkwKcNc8sCjnfb
Utilisateur	bigbrother_man (UID 96003)
Soumission	29/04/2026 04:03 (il y a 1 mois)
Modérer	26/05/2026 09:14 (27 days later)
Statut	Accepté
Entrée VulDB	365609 [Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile directory traversal]
Points	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!