CVE-2026-5261

🗓️ 01 Apr 2026 08:15:55Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 3 Views🌐 WEB

Unrestricted file upload via uploadFileToIIS in BaseHandler.ashx on Shandong Hoteam InforCenter PLM up to 8.3.8.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-5261	1 Apr 202608:15	–	attackerkb
Circl	CVE-2026-5261	1 Apr 202611:16	–	circl
CNNVD	Hoteam InforCenter PLM 代码问题漏洞	1 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-5261 Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload	1 Apr 202608:15	–	cvelist
EUVD	EUVD-2026-17849	1 Apr 202609:31	–	euvd
NVD	CVE-2026-5261	1 Apr 202609:16	–	nvd
Positive Technologies	PT-2026-29483	1 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-5261	2 Apr 202610:53	–	redhatcve
Vulnrichment	CVE-2026-5261 Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload	1 Apr 202608:15	–	vulnrichment

Vulners

Node

shandong_hoteam inforcenter_plmMatch8.3.0

shandong_hoteam inforcenter_plmMatch8.3.1

shandong_hoteam inforcenter_plmMatch8.3.2

shandong_hoteam inforcenter_plmMatch8.3.3

shandong_hoteam inforcenter_plmMatch8.3.4

shandong_hoteam inforcenter_plmMatch8.3.5

shandong_hoteam inforcenter_plmMatch8.3.6

shandong_hoteam inforcenter_plmMatch8.3.7

shandong_hoteam inforcenter_plmMatch8.3.8

[
  {
    "vendor": "Shandong Hoteam",
    "product": "InforCenter PLM",
    "versions": [
      {
        "version": "8.3.0",
        "status": "affected"
      },
      {
        "version": "8.3.1",
        "status": "affected"
      },
      {
        "version": "8.3.2",
        "status": "affected"
      },
      {
        "version": "8.3.3",
        "status": "affected"
      },
      {
        "version": "8.3.4",
        "status": "affected"
      },
      {
        "version": "8.3.5",
        "status": "affected"
      },
      {
        "version": "8.3.6",
        "status": "affected"
      },
      {
        "version": "8.3.7",
        "status": "affected"
      },
      {
        "version": "8.3.8",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/submit/780725
vuldb	www.vuldb.com/vuln/354450
vuldb	www.vuldb.com/vuln/354450/cti
my	www.my.feishu.cn/docx/ToGkdd5jwokb4PxEMkHcKrfXn3b

Parameter	Position	Path	Description	CWE
File	request body	/Base/BaseHandler.ashx	Unrestricted file upload via uploadFileToIIS in Base/BaseHandler.ashx allowing remote attacker to upload arbitrary files.	CWE-284, CWE-434

29 Apr 2026 01:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3

EPSS0.00018

SSVC