| Название | Chengdu Sobey Digital Technology Co., Ltd. Sobey Media Convergence System V2.0-2.1 Uploaded File |
|---|
| Описание | This interface does not effectively validate and filter uploaded filenames and content. Attackers can construct special requests to upload malicious script files (such as JSPs) with fake extensions and write these script files to the web directory via path traversal (such as ../../). After successful upload, attackers can trigger remote code execution (RCE) by accessing the script. |
|---|
| Источник | ⚠️ https://github.com/hacker-routing/cve/issues/1 |
|---|
| Пользователь | routing_love (UID 92805) |
|---|
| Представление | 20.11.2025 07:51 (5 месяцы назад) |
|---|
| Модерация | 06.12.2025 09:56 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 334602 [Sobey Media Convergence System 2.0/2.1 upload Файл обход каталога] |
|---|
| Баллы | 19 |
|---|