Submit #516293: www.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to resultinfo

Titlewww.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to result
DescriptionA file upload vulnerability has been discovered in the Digiwin ERP system that does not require authentication. This flaw permits attackers to upload arbitrary files, including potentially harmful ASPX files, which can result in remote code execution and total server compromise.
Source⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_5.md
User
 XU NIE (UID 82414)
Submission03/07/2025 16:35 (1 Year ago)
Moderation03/24/2025 12:19 (17 days later)
StatusAccepted
VulDB entry300727 [Digiwin ERP 5.0.1 UploadAjaxAPI.ashx File unrestricted upload]
Points17

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!