Yueying

**Name of the Vulnerable Software and Affected Versions** Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0 **Description** A problematic vulnerability was found in the Chengdu Flash Flood Disaster Monitoring and Warning System. This issue affects the file /Service/FileHandler.ashx, where the manipulation of the `userFile` argument leads to unrestricted upload. The exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0, consider disabling the /Service/FileHandler.ashx file or restricting the use of the `userFile` argument until a patch is available. Restrict access to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.