| Название | www.digiwin.com digiwin ERP system v5.1.3 Unauthenticated File Upload Leading to Remote Code Execution |
|---|
| Описание | A critical vulnerability has been identified in the Digiwin ERP system, specifically in the file upload functionality of the DoWebUpload method. This vulnerability allows unauthenticated users to upload arbitrary files, potentially leading to remote code execution and complete server compromise. |
|---|
| Источник | ⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_4.md |
|---|
| Пользователь | XU NIE (UID 82414) |
|---|
| Представление | 07.03.2025 16:33 (1 Год назад) |
|---|
| Модерация | 24.03.2025 12:19 (17 days later) |
|---|
| Статус | Дубликат |
|---|
| Запись VulDB | 300726 [Digiwin ERP 5.1 /Api/FileUploadApi.ashx DoUpload/DoWebUpload Файл эскалация привилегий] |
|---|
| Баллы | 0 |
|---|