CVE-2026-4220

Name of the Vulnerable Software and Affected Versions Technologies Integrated Management Platform version 7.17.0

Description A flaw exists in an unknown functionality within the /SetWebpagePic.jsp file of the software. Manipulation of the targetPath/Suffix argument allows for unrestricted file uploads, potentially initiated remotely. The exploit for this issue has been publicly disclosed, and the vendor was informed but did not respond.

Recommendations Technologies Integrated Management Platform version 7.17.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.