PT-2026-40606 · Unknown · Qihang-Wms
Published
2026-05-13
·
Updated
2026-05-13
·
CVE-2026-37430
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
qihang-wms version 75c15a
Description
An arbitrary file upload flaw in the
ShopOrderImportController.java component allows attackers to execute arbitrary code by uploading a specially crafted file.Recommendations
Restrict access to the
ShopOrderImportController.java component to minimize the risk of exploitation.Exploit
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qihang-Wms