PT-2026-2308 · Unknown · Weberpmesv2

Nedlir

·

Publicado

2026-01-12

·

Atualizado

2026-01-21

·

CVE-2026-22789

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WebErpMesv2 versions prior to 1.19
Description WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Versions prior to 1.19 contain a file upload validation bypass in multiple controllers. This allows authenticated users to upload arbitrary files, including PHP scripts, potentially leading to Remote Code Execution (RCE). The issue is similar to another reported problem but exists in different code locations.
Recommendations Update to version 1.19 or later.

Exploit

Correção

RCE

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-616

Identificadores relacionados

CVE-2026-22789
GHSA-64RV-F829-X6M4

Produtos afetados

Weberpmesv2