PT-2025-24064 · Unknown · Soar Cloud Hrd Human Resource Management System

Yen Chun Shen

Publicado

2025-06-06

Atualizado

2026-02-04

CVE-2025-48782

CVSS v4.0

9.9

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

Name of the Vulnerable Software and Affected Versions Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408

Description The issue concerns an unrestricted upload of files with dangerous types in the upload file function, allowing remote attackers to execute arbitrary system commands via a malicious file.

Recommendations For Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408, consider restricting or disabling the upload file function until a fix is available to prevent the execution of arbitrary system commands.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2025-48782

Produtos afetados

Soar Cloud Hrd Human Resource Management System

PT-2025-24064 · Unknown · Soar Cloud Hrd Human Resource Management System

CVE-2025-48782

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8