| 标题 | Chengdu Sobey Digital Technology Co., Ltd. Sobey Media Convergence System V2.0-2.1 Uploaded File |
|---|
| 描述 | This interface does not effectively validate and filter uploaded filenames and content. Attackers can construct special requests to upload malicious script files (such as JSPs) with fake extensions and write these script files to the web directory via path traversal (such as ../../). After successful upload, attackers can trigger remote code execution (RCE) by accessing the script. |
|---|
| 来源 | ⚠️ https://github.com/hacker-routing/cve/issues/1 |
|---|
| 用户 | routing_love (UID 92805) |
|---|
| 提交 | 2025-11-20 07時51分 (5 月前) |
|---|
| 管理 | 2025-12-06 09時56分 (16 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 334602 [Sobey Media Convergence System 2.0/2.1 upload 文件 目录遍历] |
|---|
| 积分 | 19 |
|---|