| tiêu đề | Acrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 Unrestricted Upload of File with Dangerous Type |
|---|
| Mô tả | A serious file upload vulnerability has been identified in the Acrel EEMS enterprise power operation and maintenance cloud platform of Acrel Electric Co., Ltd. The vulnerability resides in the /SubstationWEBV2/main/uploadH5Files interface. An authenticated attacker with low-level user privileges can exploit this flaw due to fundamental deficiencies in the verification and filtering of user-controllable inputs. This allows the transmission of malicious Trojans (Webshells) to the server. Successful exploitation of this vulnerability enables Remote Code Execution (RCE), granting the attacker full administrative access to the server. |
|---|
| Nguồn | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/X9PAw4i5kiPueKkZqCCcNVYZnnc?from=from_copylink |
|---|
| Người dùng | bigbrother_man (UID 96003) |
|---|
| Đệ trình | 20/04/2026 03:32 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 02/05/2026 21:38 (13 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 360865 [Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|