exploitDog

GHSA-4xw5-95w2-c94q

Опубликовано: 18 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 9.8

Описание

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.

Ссылки

EPSS

Процентиль: 20%

0.00063

Низкий

8.7 High

CVSS4

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2025-41347

CVSS3: 9.8

nvd

3 месяца назад

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.

EPSS

Процентиль: 20%

0.00063

Низкий

8.7 High

CVSS4

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434