| タイトル | Chengdu Sobey Digital Technology Co., Ltd. Sobey Media Convergence System V2.0-2.1 Uploaded File |
|---|
| 説明 | This interface does not effectively validate and filter uploaded filenames and content. Attackers can construct special requests to upload malicious script files (such as JSPs) with fake extensions and write these script files to the web directory via path traversal (such as ../../). After successful upload, attackers can trigger remote code execution (RCE) by accessing the script. |
|---|
| ソース | ⚠️ https://github.com/hacker-routing/cve/issues/1 |
|---|
| ユーザー | routing_love (UID 92805) |
|---|
| 送信 | 2025年11月20日 07:51 (5 月 ago) |
|---|
| モデレーション | 2025年12月06日 09:56 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 334602 [Sobey Media Convergence System 2.0/2.1 upload ファイル ディレクトリトラバーサル] |
|---|
| ポイント | 19 |
|---|