| tiêu đề | Tiandy Technologies Co., Ltd. Integrated Management Platform 7.17.0 Unrestricted Upload of File with Dangerous Type |
|---|
| Mô tả | A critical vulnerability exists in the /SetWebpagePic.jsp endpoint of the target system. The application fails to perform identity authentication for the caller and lacks proper sanitization or path validation for the targetPath and Suffix parameters.
An unauthenticated remote attacker can exploit this flaw by sending a specially crafted multipart/form-data POST request. This allows the attacker to write arbitrary JSP files into sensitive directories within the Web root. Successfully uploaded files can then be accessed via a URL, leading to Remote Code Execution (RCE) under the context of the Web service, eventually granting the attacker full control over the compromised server. |
|---|
| Nguồn | ⚠️ https://my.feishu.cn/docx/EA9HdaXaQo80yTxKdw0c3UDmnmD?from=from_copylink |
|---|
| Người dùng | 0menc (UID 75423) |
|---|
| Đệ trình | 03/03/2026 09:18 (cách đây 3 các tháng) |
|---|
| Kiểm duyệt | 15/03/2026 17:30 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 351144 [Technologies Integrated Management Platform 7.17.0 /SetWebpagePic.jsp targetPath/Suffix nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|