| Название | www.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to result |
|---|
| Описание | A file upload vulnerability has been discovered in the Digiwin ERP system that does not require authentication. This flaw permits attackers to upload arbitrary files, including potentially harmful ASPX files, which can result in remote code execution and total server compromise. |
|---|
| Источник | ⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_5.md |
|---|
| Пользователь | XU NIE (UID 82414) |
|---|
| Представление | 07.03.2025 16:35 (1 Год назад) |
|---|
| Модерация | 24.03.2025 12:19 (17 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 300727 [Digiwin ERP 5.0.1 UploadAjaxAPI.ashx Файл эскалация привилегий] |
|---|
| Баллы | 17 |
|---|