Описание
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution.
Ссылки
- Product
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:huayi-tec:jeewms:2025-08-20:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00158
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 6.5
github
4 месяца назад
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution.
EPSS
Процентиль: 37%
0.00158
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-77