PT-2025-10981 · Unknown · Zzskzy Warehouse Refinement Management System
F14G
·
Publicado
2025-03-12
·
Atualizado
2025-03-12
·
CVE-2025-2216
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
zzskzy Warehouse Refinement Management System version 1.3
Description:
A critical issue has been found in the UploadCrash function of the file /crash/log/SaveCrash.ashx. The manipulation of the
file argument leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Recommendations:
For zzskzy Warehouse Refinement Management System version 1.3, consider disabling the UploadCrash function of the /crash/log/SaveCrash.ashx file until a patch is available. Restrict access to the
file argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Access Control
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Zzskzy Warehouse Refinement Management System