| Title | Acrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 Command Injection |
|---|
| Description | Acrel Electric Co., Ltd. Enterprise Microgrid Energy Efficiency Management System (ECEMS) fails to effectively verify and filter user-controllable inputs when processing the interface /SubstationWEBV2/main/uploadH5Files?version=1.0. This flaw allows attackers to upload arbitrary files and execute system commands. Successful exploitation enables attackers to gain server privileges, posing severe security risks. |
|---|
| Source | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/DGcvwBIsFis9gvkhNXnckr4xn8c |
|---|
| User | Anonymous User |
|---|
| Submission | 04/28/2026 13:05 (2 months ago) |
|---|
| Moderation | 05/26/2026 07:56 (28 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 360865 [Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files unrestricted upload] |
|---|
| Points | 0 |
|---|