Unrestricted file upload

2021-04-0612:15:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.

CPENameOperatorVersion
deltaflowge4.0
deltaflowlt7.7

CPE	Name	Operator	Version
	deltaflow	ge	4.0
	deltaflow	lt	7.7

References

www.chtsecurity.com/news/7f0874b5-516b-4637-842d-b6fb6c335c66

www.twcert.org.tw/tw/cp-132-4620-58f9c-1.html