Invia #516292: www.digiwin.com digiwin ERP system v5.1.3 Unauthenticated File Upload Leading to Remote Code Executioninformazioni

Titolowww.digiwin.com digiwin ERP system v5.1.3 Unauthenticated File Upload Leading to Remote Code Execution
DescrizioneA critical vulnerability has been identified in the Digiwin ERP system, specifically in the file upload functionality of the DoWebUpload method. This vulnerability allows unauthenticated users to upload arbitrary files, potentially leading to remote code execution and complete server compromise.
Fonte⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_4.md
Utente
 XU NIE (UID 82414)
Sottomissione07/03/2025 16:33 (1 Anno fa)
Moderazione24/03/2025 12:19 (17 days later)
StatoDuplicato
Voce VulDB300726 [Digiwin ERP 5.1 /Api/FileUploadApi.ashx DoUpload/DoWebUpload File escalationi di privilegi]
Punti0

Do you want to use VulDB in your project?

Use the official API to access entries easily!