Submit #780725: Shandong Hoteam Software Co., Ltd. Huatian Software InforCenter PLM <8.3.8 Remote Code Executioninfo

TitleShandong Hoteam Software Co., Ltd. Huatian Software InforCenter PLM <8.3.8 Remote Code Execution
DescriptionA critical vulnerability exists in the InforCenter PLM system developed by Huatian Software. The uploadFileToIIS function within the /Base/BaseHandler.ashx interface fails to properly restrict file extensions and lacks mandatory authentication. An unauthenticated remote attacker can exploit this flaw by submitting a crafted multipart/form-data request to upload a malicious .aspx webshell. Successful exploitation allows the attacker to execute arbitrary system commands under the context of the IIS process, leading to a complete compromise of the PLM server and potential leakage of sensitive intellectual property and R&D data.
Source⚠️ https://my.feishu.cn/docx/ToGkdd5jwokb4PxEMkHcKrfXn3b?from=from_copylink
User
 0menc (UID 75423)
Submission03/16/2026 10:03 (4 months ago)
Moderation03/31/2026 18:25 (15 days later)
StatusAccepted
VulDB entry354450 [Shandong Hoteam InforCenter PLM up to 8.3.8 /Base/BaseHandler.ashx uploadFileToIIS File unrestricted upload]
Points20

Do you know our Splunk app?

Download it now for free!