Описание
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
EPSS
Процентиль: 33%
0.00133
Низкий
7.3 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.3
github
12 месяцев назад
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
EPSS
Процентиль: 33%
0.00133
Низкий
7.3 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-284