| Title | Shandong Hoteam Software Co., Ltd. Huatian Software InforCenter PLM <8.3.8 Remote Code Execution |
|---|---|
| Description | A critical vulnerability exists in the InforCenter PLM system developed by Huatian Software. The uploadFileToIIS function within the /Base/BaseHandler.ashx interface fails to properly restrict file extensions and lacks mandatory authentication. An unauthenticated remote attacker can exploit this flaw by submitting a crafted multipart/form-data request to upload a malicious .aspx webshell. Successful exploitation allows the attacker to execute arbitrary system commands under the context of the IIS process, leading to a complete compromise of the PLM server and potential leakage of sensitive intellectual property and R&D data. |
| Source | https://my.feishu.cn/docx/ToGkdd5jwokb4PxEMkHcKrfXn3b?from=from_copylink |
| User | 0menc (UID 75423) |
| Submission | 2026-03-16 10:03 AM (22 days ago) |
| Moderation | 2026-03-31 06:25 PM (15 days later) |
| Status | Accepted |
| VulDB Entry | 354450 [Shandong Hoteam InforCenter PLM up to 8.3.8 /Base/BaseHandler.ashx uploadFileToIIS File privilege escalation] |
| Points | 20 |