PT-2025-37390 · Unknown · Echarge Hardy Barth Salia Plcc
Xu-17 · Published 2025-09-13 · Updated 2026-01-09 · CVE-2025-10371
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
eCharge Hardy Barth Salia PLCC version 2.2.0
Description:
An unrestricted upload flaw exists in eCharge Hardy Barth Salia PLCC 2.2.0. The issue affects processing of the file /api.php: manipulating the setrfidlist argument allows unrestricted upload, and the attack may be performed remotely. The exploit has been publicly released. The vendor was contacted but did not respond.
Recommendations:
As a temporary workaround, consider restricting access to the /api.php file.
Avoid using the setrfidlist argument in the affected API endpoint until the issue is resolved.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Related Identifiers
Affected Products
Echarge Hardy Barth Salia Plcc