14 matches found
CVE-2025-1165
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1646
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...
EUVD-2025-2039
Malicious code in bioql PyPI...
EUVD-2025-4257
Malicious code in bioql PyPI...
CVE-2025-1646
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...
CVE-2025-1646 Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...
CVE-2025-1646 Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...
CVE-2025-1646
Lumsoft ERP 8 contains a critical vulnerability in the ASPX File Handler component, specifically in the /Api/TinyMce/UploadAjaxAPI.ashx endpoint. The issue arises from manipulating the file argument, enabling unrestricted file uploads and remote exploitation. Public disclosure exists and has been...
PT-2025-7810 · Lumsoft · Lumsoft Erp
Name of the Vulnerable Software and Affected Versions: Lumsoft ERP version 8 Description: A critical issue has been found in Lumsoft ERP 8, affecting some unknown functionality of the file "/Api/TinyMce/UploadAjaxAPI.ashx" of the component ASPX File Handler. The manipulation of the file argument...
CVE-2025-1165
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1165 Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1165
Lumsoft ERP 8 is affected by CVE-2025-1165 in the DoUpload/DoWebUpload function of /Api/FileUploadApi.ashx. The vulnerability arises from manipulating the file argument to enable unrestricted remote uploads. Public exploits have been disclosed. Red Hat and community advisories corroborate the iss...
CVE-2025-1165 Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
Lumsoft ERP 安全漏洞
Lumsoft ERP is an enterprise resource management system from Lumsoft Corporation. A security vulnerability exists in Lumsoft ERP version 8, which originates from the file parameter file of the DoUpload/DoWebUpload function in file/Api/FileUploadApi.ashx that can lead to unrestricted uploads...