Submeter #770534: Tiandy Technologies Co., Ltd. Easy7 Integrated Management Platform 7.17.0 Unrestricted Upload of File with Dangerous Typeinformação

TítuloTiandy Technologies Co., Ltd. Easy7 Integrated Management Platform 7.17.0 Unrestricted Upload of File with Dangerous Type
DescriçãoAnother critical unauthenticated file upload vulnerability was identified within the REST API architecture of the target product. The endpoint /rest/file/uploadLedImage contains a logical flaw that fails to verify the caller's identity. An attacker can exploit this to upload malicious JSP script files. Due to the lack of strict path restrictions, the attacker can plant a Webshell into the web directory, leading to Remote Code Execution (RCE) and full compromise of the target server.
Fonte⚠️ https://my.feishu.cn/docx/Z5HJdLCxioFs4sxyILbcoSIAnTh?from=from_copylink
Utilizador
 0menc (UID 75423)
Submissão03/03/2026 10h31 (há 3 meses)
Moderação15/03/2026 17h30 (12 days later)
EstadoAceite
Entrada VulDB351145 [Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint uploadLedImage Ficheiro Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!