PT-2023-32516 · Unknown · Maiwei Safety Production Control Platform

Weal · Published: 2023-11-13 · Updated: 2024-05-17 · CVE-2023-6102

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Maiwei Safety Production Control Platform version 4.1

Description: A problematic issue was found in the Maiwei Safety Production Control Platform, affecting an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. This issue leads to unrestricted upload and can be exploited remotely. The exploit has been disclosed publicly.

Recommendations: For Maiwei Safety Production Control Platform version 4.1, consider restricting access to the /Content/Plugins/uploader/FileChoose.html file to minimize the risk of exploitation. As a temporary workaround, avoid using the fileUrl parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-6102

Affected Products

Maiwei Safety Production Control Platform