Invia #516291: www.digiwin.com digiwin ERP system v5.1 Unrigorous file uploading results in RCEinformazioni

Titolowww.digiwin.com digiwin ERP system v5.1 Unrigorous file uploading results in RCE
DescrizioneA critical security vulnerability has been identified in the file upload functionality of the Digiwin ERP system. This vulnerability allows unauthenticated users to upload arbitrary files, which can lead to remote code execution (RCE) and potentially grant attackers full control over the server.
Fonte⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_3.md
Utente
 XU NIE (UID 82414)
Sottomissione07/03/2025 16:32 (1 Anno fa)
Moderazione24/03/2025 12:19 (17 days later)
StatoAccettato
Voce VulDB300726 [Digiwin ERP 5.1 /Api/FileUploadApi.ashx DoUpload/DoWebUpload File escalationi di privilegi]
Punti17

Do you want to use VulDB in your project?

Use the official API to access entries easily!