| 제목 | www.digiwin.com digiwin ERP system v5.1 Unrigorous file uploading results in RCE |
|---|
| 설명 | A critical security vulnerability has been identified in the file upload functionality of the Digiwin ERP system. This vulnerability allows unauthenticated users to upload arbitrary files, which can lead to remote code execution (RCE) and potentially grant attackers full control over the server. |
|---|
| 원천 | ⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_3.md |
|---|
| 사용자 | XU NIE (UID 82414) |
|---|
| 제출 | 2025. 03. 07. PM 04:32 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 24. PM 12:19 (17 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 300726 [Digiwin ERP 5.1 /Api/FileUploadApi.ashx DoUpload/DoWebUpload 파일 권한 상승] |
|---|
| 포인트들 | 17 |
|---|