Zw Cai

Name of the Vulnerable Software and Affected Versions: NUP Pro (affected versions not specified) Description: NUP Pro developed by NewType Infortech has a SQL Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands. Successful exploitation can lead to the ability to read, modify, and delete database contents. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NUP Portal (affected versions not specified) Description: The NUP Portal application developed by NewType Infortech suffers from a missing authentication issue. This allows unauthenticated remote attackers to directly upload files to the system. Successful exploitation, bypassing file extension restrictions, could enable attackers to upload and execute webshells on the server. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.