| 제목 | Acrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 Unrestricted File Upload |
|---|
| 설명 | A Critical vulnerability exists in the Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform. The /SubstationWEBV2/app/..;/main/upfile interface fails to perform proper Identity Authentication and File Validation.
By leveraging a URL normalization bypass (..;) and Directory Traversal in the path parameter, an unauthenticated remote attacker can upload arbitrary malicious files (such as .jsp webshells) to any sensitive directory within the web root. This lead to a complete system compromise and Remote Code Execution (RCE) under the privileges of the web service user. |
|---|
| 원천 | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/FC6swHuyqiLVyfkwKcNc8sCjnfb |
|---|
| 사용자 | bigbrother_man (UID 96003) |
|---|
| 제출 | 2026. 04. 29. AM 04:03 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 26. AM 09:14 (27 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 365609 [Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|