| 标题 | www.digiwin.com digiwin ERP system v5.1 Unrigorous file uploading results in RCE |
|---|
| 描述 | A critical security vulnerability has been identified in the file upload functionality of the Digiwin ERP system. This vulnerability allows unauthenticated users to upload arbitrary files, which can lead to remote code execution (RCE) and potentially grant attackers full control over the server. |
|---|
| 来源 | ⚠️ https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_3.md |
|---|
| 用户 | XU NIE (UID 82414) |
|---|
| 提交 | 2025-03-07 16時32分 (1 年前) |
|---|
| 管理 | 2025-03-24 12時19分 (17 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 300726 [Digiwin ERP 5.1 /Api/FileUploadApi.ashx DoUpload/DoWebUpload 文件 权限提升] |
|---|
| 积分 | 17 |
|---|