PT-2025-34938 · Dahua · Smart Park Integrated Management Platform +1
Li Huohuo · Published 2025-08-27 · Updated 2025-08-28 · CVE-2023-7309
Severity: 10 (Critical)
Base vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions:
Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform) (affected versions not specified)
Description:
A path traversal vulnerability exists in the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files to the server via crafted SOAP requests, including executable JSP payloads. Successful exploitation may lead to remote code execution (RCE) and full compromise of the affected system.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
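With no fixed version listed, inspecting SOAP request bodies in front of the platform is one compensating check. The following is an added example, not code from this advisory or from Dahua: it flags traversal sequences and JSP file names in any element or attribute of a request body. The namespace, operation and element names in the sample requests are hypothetical, since the advisory does not name the interface's fields.

```python
import re
import xml.etree.ElementTree as ET

# "../" or "..\" in raw, URL-encoded or mixed form, and JSP/JSPX file names.
TRAVERSAL = re.compile(r"(?:\.|%2e){2}(?:/|\\|%2f|%5c)", re.IGNORECASE)
JSP_NAME = re.compile(r"\.jspx?$", re.IGNORECASE)

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on element tags."""
    return tag.rsplit("}", 1)[-1]

def inspect_soap(body):
    """Return (element, reason) findings for one SOAP request body."""
    if "<!DOCTYPE" in body:
        # SOAP messages must not carry a DTD; refuse before parsing.
        return [("<envelope>", "DTD present")]
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return [("<envelope>", "unparseable XML")]
    findings = []
    for elem in root.iter():
        for value in [elem.text or ""] + list(elem.attrib.values()):
            value = value.strip()
            if TRAVERSAL.search(value):
                findings.append((local(elem.tag), "path traversal sequence"))
            if JSP_NAME.search(value):
                findings.append((local(elem.tag), "JSP file name"))
    return findings

# Constructed samples: namespace, operation and element names are hypothetical.
SUSPICIOUS = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ex="http://example.invalid/gis">
  <soapenv:Body>
    <ex:uploadBitmap>
      <ex:fileName>../../some/dir/a.jsp</ex:fileName>
      <ex:data>AAAA</ex:data>
    </ex:uploadBitmap>
  </soapenv:Body>
</soapenv:Envelope>"""
BENIGN = SUSPICIOUS.replace("../../some/dir/a.jsp", "floor1.bmp")

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, inspect_soap(body))
```

Because the check walks every element and attribute, it does not depend on knowing which field carries the file name. Any request it flags can be blocked or logged for review.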
Exploit
RCE
Unrestricted File Upload
Path traversal