Invia #516293: www.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to resultinformazioni

Titolowww.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to result
DescrizioneA file upload vulnerability has been discovered in the Digiwin ERP system that does not require authentication. This flaw permits attackers to upload arbitrary files, including potentially harmful ASPX files, which can result in remote code execution and total server compromise.
Fonte⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_5.md
Utente
 XU NIE (UID 82414)
Sottomissione07/03/2025 16:35 (1 Anno fa)
Moderazione24/03/2025 12:19 (17 days later)
StatoAccettato
Voce VulDB300727 [Digiwin ERP 5.0.1 UploadAjaxAPI.ashx File escalationi di privilegi]
Punti17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!