Gửi #516293: www.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to resultthông tin

tiêu đềwww.digiwin.com digiwin ERP system v5.0.1 Improper Sanitization of Filename to result
Mô tảA file upload vulnerability has been discovered in the Digiwin ERP system that does not require authentication. This flaw permits attackers to upload arbitrary files, including potentially harmful ASPX files, which can result in remote code execution and total server compromise.
Nguồn⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_5.md
Người dùng
 XU NIE (UID 82414)
Đệ trình07/03/2025 16:35 (cách đây 1 Năm)
Kiểm duyệt24/03/2025 12:19 (17 days later)
Trạng tháiđược chấp nhận
Mục VulDB300727 [Digiwin ERP 5.0.1 UploadAjaxAPI.ashx Tệp tin nâng cao đặc quyền]
điểm17

Do you want to use VulDB in your project?

Use the official API to access entries easily!