CVE-2026-22789

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WebErpMesv2 versions prior to 1.19

Description WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Versions prior to 1.19 contain a file upload validation bypass in multiple controllers. This allows authenticated users to upload arbitrary files, including PHP scripts, potentially leading to Remote Code Execution (RCE). The issue is similar to another reported problem but exists in different code locations.

Recommendations Update to version 1.19 or later.

Exploit

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-616

Related Identifiers

CVE-2026-22789

GHSA-64RV-F829-X6M4

Affected Products

Weberpmesv2

CVE-2026-22789

Weakness Enumeration

Related Identifiers

Affected Products

References · 8