exploitDog

CVE-2025-41347

Опубликовано: 18 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iest:winplus:24.11.27:*:*:*:-:*:*:*

EPSS

Процентиль: 20%

0.00063

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-4xw5-95w2-c94q

CVSS3: 9.8

github

3 месяца назад

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.

EPSS

Процентиль: 20%

0.00063

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434