| Title | Tiandy Technologies Co., Ltd. Easy7 Integrated Management Platform 7.17.0 Unrestricted Upload of File with Dangerous Type |
|---|---|
| Description | Another critical unauthenticated file upload vulnerability was identified within the REST API architecture of the target product. The endpoint /rest/file/uploadLedImage contains a logical flaw that fails to verify the caller's identity. An attacker can exploit this to upload malicious JSP script files. Due to the lack of strict path restrictions, the attacker can plant a Webshell into the web directory, leading to Remote Code Execution (RCE) and full compromise of the target server. |
| Source | ⚠️ https://my.feishu.cn/docx/Z5HJdLCxioFs4sxyILbcoSIAnTh?from=from_copylink |
| User | 0menc (UID 75423) |
| Submission | 2026-03-03 10:31 AM (3 months ago) |
| Moderation | 2026-03-15 05:30 PM (12 days later) |
| Status | Accepted |
| VulDB entry | 351145 [Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint uploadLedImage file privilege escalation] |
| Points | 20 |