Name of the Vulnerable Software and Affected Versions LOTCMAN:PLM (affected versions not specified)

Description The issue is related to the "ЛОЦМАН Дизайнер форм" module in the LOTCMAN:PLM system, which allows for unlimited upload of dangerous file types. This can be exploited to execute arbitrary code by replacing dll libraries, such as mpr.dll, in specific directories.

Recommendations As a temporary workaround, consider restricting access to the vulnerable module "ЛОЦМАН Дизайнер форм" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.