| 제목 | Chengdu Sobey Digital Technology Co., Ltd. Sobey Media Convergence System V2.0-2.1 Uploaded File |
|---|
| 설명 | This interface does not effectively validate and filter uploaded filenames and content. Attackers can construct special requests to upload malicious script files (such as JSPs) with fake extensions and write these script files to the web directory via path traversal (such as ../../). After successful upload, attackers can trigger remote code execution (RCE) by accessing the script. |
|---|
| 원천 | ⚠️ https://github.com/hacker-routing/cve/issues/1 |
|---|
| 사용자 | routing_love (UID 92805) |
|---|
| 제출 | 2025. 11. 20. AM 07:51 (5 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 06. AM 09:56 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 334602 [Sobey Media Convergence System 2.0/2.1 upload 파일 디렉토리 순회] |
|---|
| 포인트들 | 19 |
|---|