| Название | www.digiwin.com digiwin ERP system v5.1 Unrigorous file uploading results in RCE |
|---|
| Описание | A critical security vulnerability has been identified in the file upload functionality of the Digiwin ERP system. This vulnerability allows unauthenticated users to upload arbitrary files, which can lead to remote code execution (RCE) and potentially grant attackers full control over the server. |
|---|
| Источник | ⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_3.md |
|---|
| Пользователь | XU NIE (UID 82414) |
|---|
| Представление | 07.03.2025 16:32 (1 Год назад) |
|---|
| Модерация | 24.03.2025 12:19 (17 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 300726 [Digiwin ERP 5.1 /Api/FileUploadApi.ashx DoUpload/DoWebUpload Файл эскалация привилегий] |
|---|
| Баллы | 17 |
|---|